On Tuesday 17 September 2002 20:02, Josh Chamas wrote:
> Does anyone have an idea on how to police incoming bandwidth
> to my server/workstation, in addition to outgoing. I have
> a rule set like this so far that does well to limit my
> outbound traffic, but what could I add to this that would
> limit my inbound traffic to $LIMIT as well, ideally both
> inbound & outbound sharing the same $LIMIT say 200kbit.
If you create an imq device (you need to patch kernel + iptables for this), you
can redirect incoming and outgoing to this device so you can make sure IN +
OUT < 200kbit.
> LIMIT=200kbit
> HOSTIP=NNN.NNN.NNN.NNN
>
> start () {
>     tc qdisc add dev eth1 root handle 1: cbq avpkt 1000 bandwidth 10mbit
>     tc class add dev eth1 parent 1: classid 1:1 cbq rate $LIMIT allot 1500 prio 5 bounded isolated
>     tc filter add dev eth1 parent 1: protocol ip prio 16 u32 match ip src $HOSTIP flowid 1:1
>     tc qdisc add dev eth1 parent 1:1 sfq perturb 10
> }
>
> The reason I want this is to be able to limit my bandwidth
> to what I pay for at my colocation facility, & I only have
> one server/host machine there, no router.
>
> I have read the docs about policing bandwidth with little
> help, and it seems that when I try to reference the ingress
> rules, I get a kernel error, maybe it's not compiled into my
> stock 7.2 redhat by default? It sounded like ingress rules
> might be related to policing, if so I am out of luck.
You also need tc with ingress support. Why not compile your own kernel? And
I don't use RH, so I don't know if their kernels support ingress.
> The FreeBSD dummynet/ipfw implementation seems to handle this
> just fine out of the box, so I suspect this functionality
> is lurking in the tc rules, but have not found any online
> docs that seem to know how to clearly do it.
It is, ingress + policer is the answer.
Stef
-- 
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
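
Added example, not part of the original thread: the "ingress + policer" setup named in the reply, written as a dry-run shell script for the eth1 host in the quoted rules. The 10k burst and the 192.0.2.10 address are assumptions (the real HOSTIP is elided in the post), and this polices inbound separately from the outbound CBQ class rather than sharing one limit, which is what the IMQ approach is for.

```shell
#!/bin/sh
# Added example: ingress policing to go with the egress CBQ rules in the thread.
DEV=${DEV:-eth1}              # interface used in the quoted script
LIMIT=${LIMIT:-200kbit}       # rate from the question
BURST=${BURST:-10k}           # assumed burst size, tune for your link
HOSTIP=${HOSTIP:-192.0.2.10}  # placeholder address (TEST-NET-1)

# Accept only <digits><tc rate unit>, so a typo never reaches tc as an argument.
valid_rate() {
    num=${1%%[!0-9]*}         # leading digits
    unit=${1#"$num"}          # whatever follows them
    [ -n "$num" ] || return 1
    case "$unit" in
        bit|kbit|mbit|bps|kbps|mbps) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the two tc commands that police traffic arriving on $1 for host $2.
ingress_policer_cmds() {
    dev=$1 ip=$2 rate=$3 burst=$4
    valid_rate "$rate" || { echo "bad rate: $rate" >&2; return 1; }
    # The ingress qdisc has the fixed handle ffff: and takes no classes.
    echo "tc qdisc add dev $dev handle ffff: ingress"
    # Packets to this host above the rate are dropped by the policer;
    # TCP senders back off, UDP senders do not.
    echo "tc filter add dev $dev parent ffff: protocol ip prio 50 u32 match ip dst $ip police rate $rate burst $burst drop flowid :1"
}

# Dry run by default: print the commands. Set APPLY=1 (as root, on a kernel
# and tc built with ingress support) to execute them.
if [ "${APPLY:-0}" = 1 ]; then
    ingress_policer_cmds "$DEV" "$HOSTIP" "$LIMIT" "$BURST" | sh -e
else
    ingress_policer_cmds "$DEV" "$HOSTIP" "$LIMIT" "$BURST"
fi
```

After applying, `tc -s filter show dev eth1 parent ffff:` shows the policer's statistics, and `tc qdisc del dev eth1 ingress` removes it.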