Hey,

I currently have a box serving as a firewall (running iptables) and packet shaper (using tc / tcng's tcc compiler) to shape a large amount of inbound and outbound traffic to my data center.

Whilst I can perform shaping functions using HTB, I need to also provide an absolute (to the nearest few 100kb/s) bandwidth usage maximum. As an example I might have 200MBit/sec "agreed" bandwidth, and the ability to go up to 500MBit/sec if I wish. Anything past 200MBit/sec invokes a huge cost.

Example tcc script (might contain typos):

    dev eth0 {
        ingress {
            $inpolicer = SLB (cbs 100kB, cir 200Mbps);
            class (<$whatever>) if SLB_ok ($inpolicer);
            drop if 1; /* Drop the traffic exceeding the 200mbit rate */
        }
        egress {
            $egpolicer = SLB (cbs 100kB, cir 200Mbps);
            class (<$ftp>) if (ip_dst == 10.1.1.1 && tcp_dport == 21 && SLB_ok ($egpolicer));
            class (<$web>) if (tcp_dport == 80 && SLB_ok ($egpolicer));
            class (<$oth>) if SLB_ok ($egpolicer); /* classify to oth if max bw not exceeded */
            drop if 1; /* I assume we reached max bw if we get here? */
            htb(){ ... }
        }
    }

The question is: Can I rely on something like the SLB macro to absolutely guarantee this maximum is enforced, or do I need to find some other way to let me sleep at night?

Also, is there a better way of doing this and does the script look ok?

Thanks in Advance!

Dan
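Added example, not part of the original post: a small model of a single-rate token-bucket policer using the post's cir 200Mbps and cbs 100kB, to show what a policer of this kind bounds. It assumes SLB behaves as a plain token bucket that starts full and that 1kB is 1000 bytes; the class and function names and the 500 Mbit/s load of 1500-byte packets are constructed for illustration.

```python
NS = 1_000_000_000  # nanoseconds per second; integer maths keeps the model exact


class TokenBucketPolicer:
    """Single-rate policer: cir in bit/s, cbs in bytes (assumed model of SLB)."""

    def __init__(self, cir_bps, cbs_bytes):
        self.rate = cir_bps // 8          # refill rate, bytes per second
        self.cap = cbs_bytes * NS         # bucket depth, in byte-nanoseconds
        self.tokens = self.cap            # assumption: bucket starts full
        self.last_ns = 0

    def conforms(self, now_ns, size):
        """Refill for the elapsed time, then pass only if tokens cover the packet."""
        self.tokens = min(self.cap, self.tokens + self.rate * (now_ns - self.last_ns))
        self.last_ns = now_ns
        cost = size * NS
        if self.tokens < cost:
            return False                  # packet would fall through to "drop if 1"
        self.tokens -= cost
        return True


def passed_bytes(cir_bps, cbs_bytes, offered_bps, pkt_bytes, duration_ns):
    """Offer constant-rate traffic for duration_ns; return bytes the policer passes."""
    policer = TokenBucketPolicer(cir_bps, cbs_bytes)
    gap_ns = pkt_bytes * 8 * NS // offered_bps   # inter-packet gap at the offered rate
    total = 0
    for now_ns in range(0, duration_ns, gap_ns):
        if policer.conforms(now_ns, pkt_bytes):
            total += pkt_bytes
    return total


def bound(cir_bps, cbs_bytes, duration_ns):
    """Upper limit on bytes passed in a window of duration_ns: cir * t + cbs."""
    return cir_bps // 8 * duration_ns // NS + cbs_bytes


if __name__ == "__main__":
    # Constructed load: 500 Mbit/s of 1500-byte packets against cir 200Mbps, cbs 100kB.
    for ms in (10, 1000):
        window_ns = ms * NS // 1000
        got = passed_bytes(200_000_000, 100_000, 500_000_000, 1500, window_ns)
        print(f"{ms} ms: {got} bytes passed ({got * 8 * 1000 // ms / 1e6:.1f} Mbit/s), "
              f"bound {bound(200_000_000, 100_000, window_ns)} bytes")
```

In this model the volume passed in a window of length t never exceeds cir × t + cbs, so a short window can measure above 200 Mbit/s while the long-run average converges on cir.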