Ok, so I''m working on a traffic shaping configuration to roll out for my employers. However I''m no wizard @ this and have a few concerns. My script (attached) is completely hacked on wondershaper. What I need to do differently from wondershaper is I need seperate throttles for local and international traffic (I have a list of all the netblocks in my country). [QUERY 1] It''s important for me to understand tc''s rule matching properly: is the first matching rule taken or do multiple matches apply? At first I had duplicated all the rules for international and local traffic, with the rules for local traffic including a match ip dst $i for each local IP block. Now I match those addresses only and assign a flowid, which I make all my other rules children of- this will work? [QUERY 2] Ok, this is a strange one. In script attached you will find rules for TCP/ACK and ICMP matching, twice for local and international traffic. The rules for international traffic result in an "illegal "match"" unless I add them first in which case the local rules result in an "illegal "match""- what am I doing wrong? [QUERY 3] How slow is tc''s matching? I need a few rules, for about 800 IP blocks. Is there a way for me to index this? [QUERY 4] In-bound filtering: How to filter at different rates for local & international traffic? [QUERY 5] At first I had assumed these rules only apply to packets being routed?- Having run this on our mailserver and having users complain about slow-down :D I now know this is not the case. Does some-one have an example of how to implement tc on a machine which is used to provide services to a local network as-well? -- Don''t feel obliged to answer all my questions (though feel free ;D); if you have time to give me an answer or two, it would be much appreciated. *Script attached* Best Regards, Andrew Lewis
On Monday 22 September 2003 10:24, al@mail.int.xm.co.za wrote:> Ok, so I''m working on a traffic shaping configuration to roll out for my > employers. However I''m no wizard @ this and have a few concerns. > > My script (attached) is completely hacked on wondershaper. What I need to > do differently from wondershaper is I need seperate throttles for local and > international traffic (I have a list of all the netblocks in my country). > > [QUERY 1] > > It''s important for me to understand tc''s rule matching properly: is the > first matching rule taken or do multiple matches apply? At first I had > duplicated all the rules for international and local traffic, with the > rules for local traffic including a match ip dst $i for each local IP > block. Now I match those addresses only and assign a flowid, which I make > all my other rules children of- this will work?First match is taken. The prio parameter can be used to change the order the filters are matched.> [QUERY 2] > > Ok, this is a strange one. In script attached you will find rules for > TCP/ACK and ICMP matching, twice for local and international traffic. The > rules for international traffic result in an "illegal "match"" unless I add > them first in which case the local rules result in an "illegal "match""- > what am I doing wrong?No idea.> [QUERY 3] > > How slow is tc''s matching? I need a few rules, for about 800 IP blocks. Is > there a way for me to index this?The u32 is a fast filter.> [QUERY 4] > > In-bound filtering: How to filter at different rates for local & > international traffic?Incoming traffic can be rate limited with a policer attached to filters. But this is not very powerfull. If you have a dedicated shaping box, you can shape on both interfaces. Or you can try to patch your kernel and iptables binary so you can use the virutal imq devive.> [QUERY 5] > > At first I had assumed these rules only apply to packets being routed?- > Having run this on our mailserver and having users complain about slow-down > :D I now know this is not the case. Does some-one have an example of how to > implement tc on a machine which is used to provide services to a local > network as-well?Adding a qdisc to an interface shapes the outgoing traffic. No matters if this is on a router or on a server. Stef -- stef.coene@docum.org "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.openprojects.net _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/