Hi
all,
I'm sure I'm soing
something wrong here.
I am trying to set
up a rate limit inside another rate limit.
eg. I have a 512K
rate limit on a particular VLAN. I am using an IFB so that packets passing
through the bridge are counted at each port.(ie the throughput is limited to
512K, not just the traffic in one direction.) This part works OK, but I also
want to limit a particular IP to much less than that, say 100K. Therefore,
overall the VLAN can pass no more thatn 512K, and the particular host cannot
exceed 100K of that 512K.
Using the config
below, I'm able to limit the VLAN to 512K and the nominated host to 100K, but
the total (ie nominated host + all other traffic) adds up to 612 K. The child
classes are limiting approriately, but not respecting the parent class. Anybody
care to shed some light on what I might be doing wrong?
Config as
follows:
#!/bin/sh
# Load kernel modules
# Load kernel modules
modprobe ifb numifbs=1000
modprobe act_mirred
modprobe act_mirred
# set up raw queuing discipline on ports.
tc qdisc add dev eth0.10 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000 cell 8
tc qdisc add dev eth1.10 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000 cell 8
# bring up IFB
ifconfig ifb10 up
# Add queuing disciplines to IFB
# Raw qdisc first.
tc qdisc add dev ifb10 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000 cell 8
# Now add the rate limit
tc class add dev ifb10 parent 1:0 classid 1:1 cbq bandwidth 100Mbit rate 512Kbit weight 51Kbit prio 5 allot 1514 cell 8 maxburst 20 avpkt 1000 bounded isolated
tc qdisc add dev eth0.10 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000 cell 8
tc qdisc add dev eth1.10 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000 cell 8
# bring up IFB
ifconfig ifb10 up
# Add queuing disciplines to IFB
# Raw qdisc first.
tc qdisc add dev ifb10 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000 cell 8
# Now add the rate limit
tc class add dev ifb10 parent 1:0 classid 1:1 cbq bandwidth 100Mbit rate 512Kbit weight 51Kbit prio 5 allot 1514 cell 8 maxburst 20 avpkt 1000 bounded isolated
# Now re-direct all ingress packets to the
IFB
tc qdisc add dev eth0.10 ingress
tc qdisc add dev eth1.10 ingress
tc filter add dev eth0.10 parent ffff: protocol ip prio 10 u32 match u32 0 0 flowid 1:1 action mirred egress redirect dev ifb10
tc filter add dev eth1.10 parent ffff: protocol ip prio 10 u32 match u32 0 0 flowid 1:1 action mirred egress redirect dev ifb10
tc qdisc add dev eth0.10 ingress
tc qdisc add dev eth1.10 ingress
tc filter add dev eth0.10 parent ffff: protocol ip prio 10 u32 match u32 0 0 flowid 1:1 action mirred egress redirect dev ifb10
tc filter add dev eth1.10 parent ffff: protocol ip prio 10 u32 match u32 0 0 flowid 1:1 action mirred egress redirect dev ifb10
# Now add a 100K rate limit for packets to or from
172.16.1.117, plus another 512K rate limit for
the entire VLAN.
# Add an unlimited class for un-matched data.
tc class add dev ifb10 parent 1:1 classid 1:2 cbq bandwidth 100Mbit rate 512Kbit weight 51Kbit prio 5 allot 1514 cell 8 maxburst 20 avpkt 1000 bounded isolated
# Add an unlimited class for un-matched data.
tc class add dev ifb10 parent 1:1 classid 1:2 cbq bandwidth 100Mbit rate 512Kbit weight 51Kbit prio 5 allot 1514 cell 8 maxburst 20 avpkt 1000 bounded isolated
# Add the new class, limited to
100K
tc class add dev ifb10 parent 1:1 classid 1:3 cbq bandwidth 100Mbit rate 256Kbit weight 10KBit prio 5 allot 1514 cell 8 maxburst 20 avpkt 1000 bounded isolated
tc class add dev ifb10 parent 1:1 classid 1:3 cbq bandwidth 100Mbit rate 256Kbit weight 10KBit prio 5 allot 1514 cell 8 maxburst 20 avpkt 1000 bounded isolated
# Now
add the filters to direct traffic to each of the above
classes.
tc filter add dev ifb10 parent 1:0 protocol ip prio
1 u32 match ip src 172.16.1.117/32 flowid 1:3
tc filter add dev ifb10 parent 1:0 protocol ip prio 1 u32 match ip dst 172.16.1.117/32 flowid 1:3
tc filter add dev ifb10 parent 1:0 protocol ip prio 2 u32 match u32 0 0 flowid 1:2
tc filter add dev ifb10 parent 1:0 protocol ip prio 1 u32 match ip dst 172.16.1.117/32 flowid 1:3
tc filter add dev ifb10 parent 1:0 protocol ip prio 2 u32 match u32 0 0 flowid 1:2
Class 1:3 is a 100K
rate limit.
1:2 is a 512K rate
limit, for otherwise unmatched traffic.
1:2 and 1:3 are both
children of 1:1, which is an overall 512K limit. Should this not set an upper
limit for all traffic through ifb10?
Regards,
Leigh
Leigh
Leigh Sharpe
Network Systems Engineer
Pacific Wireless
Ph +61 3 9584 8966
Mob 0408 009 502
email lsharpe@xxxxxxxxxxxxxxxxxxxxxx
web www.pacificwireless.com.au
Network Systems Engineer
Pacific Wireless
Ph +61 3 9584 8966
Mob 0408 009 502
email lsharpe@xxxxxxxxxxxxxxxxxxxxxx
web www.pacificwireless.com.au
_______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc