Vitale Alessandro wrote:
I would like to test police in ingress. I use kernel 2.4.20.
FWIW if you try a 2.6 whether or not policers will see marks will depend on your config - Packet action will give a new policer that hooks before netfilter.
I use this configuration: iptables -t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport 1001 -j MARK --set-mark 1 iptables -t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport 1002 -j MARK --set-mark 2 iptables -t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport 1003 -j MARK --set-mark 3 iptables -t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport 1004 -j MARK --set-mark 4 tc qdisc add dev eth0 handle ffff: ingress tc filter add dev eth0 parent ffff: protocol ip prio 1 handle 1 fw police rate 2500000 burst 90k drop tc filter add dev eth0 parent ffff: protocol ip prio 1 handle 2 fw police rate 1500000 burst 90k drop tc filter add dev eth0 parent ffff: protocol ip prio 1 handle 3 fw police rate 1000000 burst 90k drop I generate traffic with smartbits and i made this test: 1)len packet layer2 64 byte,
Is that actually possible on eth? packets per second 5500 = 2810000 bit per second
2)len packet layer2 1000 byte, packets per second 350 = 2800000 bit per second The 2 test is good i receive a trafiic with 2500000 rate limit ! The problem is with 1 test because i received full band 2810000 without any limit! Is there any problem with police rate? It doesn't work with small packets? I've to set some other usefull parameter?
On eth shapers/policers will see packets as ip length +14 but there are more overheads/mpu.
Currently you can't specify mpu/overhead for policers, It may be added soon - but that will be 2.6s I guess.
Andy. _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
