We use ifb in both directions, and it works very well. Bur Marco is right, matching the dest ip within ifb will not work if you are natted. However, I'm sure there are ways around that. Here's an example of what we do (the client devices come in on br0): the ingress device is ifb0, the egress is ifb1 echo load br0 egress classes /sbin/tc class add dev br0 parent 1: classid 1:1 hfsc sc rate 1000mbit /sbin/tc class add dev br0 parent 1:1 classid 1:10 hfsc sc rate 1000mbit /sbin/tc filter add dev br0 parent 1: protocol ip priority 10 u32 match u32 0 0 flowid 1:10 action mirred egress redirect dev ifb1 echo load br0 ingress qdisc /sbin/tc qdisc del dev br0 handle ffff: ingress 2>/dev/null /sbin/tc qdisc add dev br0 handle ffff: ingress /sbin/tc filter add dev br0 parent ffff: protocol ip priority 10 u32 match u32 0 0 flowid 1: action mirred egress redirect dev ifb0 # then, just provide the regular qdiscs, classes and filters to ifb0 and ifb1. This works well for us; hfsc provides a fairly solid bandwidth control in our case. The only downside is that we need to set up the same for all client networks (we have a number of vlans on that side besides br0). Note that the ifb devices are attached not on the wan interfaces, but on the client side interfaces. On Mon, Mar 16, 2015 at 12:26 PM, Marco Gaiarin <gaio@xxxxxxxxx> wrote: > Mandi! Nick Pelling > In chel di` si favelave... > >> I now have tc doing this beautifully on the uplink traffic (I use 'action skbedit mark 1', why is this trick mentioned hardly anywhere?): but, like almost every other first time poster here :-) , I'm having no luck at all getting this working for downlink traffic. > > ?! Looking on google form 'skbedit' lead me to multiqueue management: > > https://www.kernel.org/doc/Documentation/networking/multiqueue.txt > > and seems not related... can you explain better? > > >> Specifically, I've put in a lot of work trying to get IFB working, but it seems to be stitched too early in the packet processing chain to be any use for shaping a WAN interface's downlink traffic. Basically, my downlink bandwidth stats stay resolutely at zero bytes / zero packets, whatever I try. :-( > > I've asked something similar some weeks ago, here. > > I've also done some tests, and seems to me that, missing iptables > hooks, you have also no NAT, so if you have to match dest IP you cannot > in IFB, because dest ip is everytime the public ip. ;( > > -- > dott. Marco Gaiarin GNUPG Key ID: 240A3D66 > Associazione ``La Nostra Famiglia'' http://www.sv.lnf.it/ > Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) > marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 > > Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! > http://www.lanostrafamiglia.it/25/index.php/component/k2/item/123 > (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA) > -- > To unsubscribe from this list: send the line "unsubscribe lartc" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html -- Mike SCHMIDT CTO Intello Technologies Inc. mike.schmidt@xxxxxxxxxxx Canada: 1-888-404-6261 x320 USA: 1-888-404-6268 x320 Mobile: 514-409-6898 www.intello.com -- To unsubscribe from this list: send the line "unsubscribe lartc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
