Hi! Please post the other tc commands too, so I may test it. Regards, Daniel> -----Ursprungligt meddelande----- > Från: lartc-admin@mailman.ds9a.nl > [mailto:lartc-admin@mailman.ds9a.nl]För Fredrik Rambris > Skickat: Tuesday, October 17, 2000 2:04 PM > Till: lartc@mailman.ds9a.nl > Ämne: [LARTC] Bandwidth limiting problem > > > Hi! > > I''m trying to limit the access to and from a 2MBit leased line to a > total of 128kbit (up+down must not exceed 128kbit). > > eth0 is connected to our lan with 100MBit > eth1 is connected to Internet via a router > > I''ve tried modifying the examples in the howto and it succeeds up to the > filter definition where I get an error. > > tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip \ > dst 192.168.3.0/24 flowid 10:100 > > gives > > RTNETLINK answers: Ogiltigt argument > > (Ogiltigt argument == Invalid argument) > > This should be a real easy one. Only one class (the whole local network) > should only get access to 128kbit of the 2Mbit. > > Anyone have some idea of what I could be doing wrong? > > / Fredrik Rambris > -- > Admera Solution Provider AB > Tel: 0733-850 814 > Position: 55°36´13N 13°03´36E
It works fine for me. Have you compiled the kernel with all QoS settings on? Regards, Daniel> -----Ursprungligt meddelande----- > Från: boost@lxmul01aspm.admera.local > [mailto:boost@lxmul01aspm.admera.local]För Fredrik Rambris > > tc qdisc add dev eth0 root handle 10: cbq bandwidth 100Mbit avpkt 1000 > > tc class add dev eth0 parent 10:0 classid 10:1 cbq bandwidth 10Mbit \ > rate 100Mbit allot 1514 weight 1Mbit prio 8 maxburst 20 avpkt 1000 > > tc class add dev eth0 parent 10:1 classid 10:100 cbq bandwidth 100Mbit \ > rate 128kbit allot 1514 weight 80Kbit prio 5 maxburst 20 avpkt 1000 \ > bounded > > tc qdisc add dev eth0 parent 10:100 sfq quantum 1514b perturb 15 > > tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip \ > dst 192.168.3.0/24 flowid 10:100
On Wed, Oct 18, 2000 at 09:34:30AM +0200, Fredrik Rambris wrote:> Daniel Bergqvist wrote: > > > > It works fine for me. Have you compiled the kernel with all QoS settings on? > > Darn. I forgot the u32 rate esitmator... it works fine now. One thing > that the HOWTO doesn''t really tell is if the upstream and downstream is > 128kbit+128kbit or 128kbit/128kbit (they share the same bandwidth).It does tell you. Unless you use the ingress policer, you only limit *outgoing* data on an interface. So if you want to limit both up and downstream, you need 2 interfaces, and 2 sets of rules. You can also use the ingress policer but that''s a bit after the fact, as the HOWTO says ''like throwing away half the letters you receive, in the hope that people will stop sending you them''. Regards, bert hubert> > > > > -----Ursprungligt meddelande----- > > > Från: boost@lxmul01aspm.admera.local > > > [mailto:boost@lxmul01aspm.admera.local]För Fredrik Rambris > > > > > > tc qdisc add dev eth0 root handle 10: cbq bandwidth 100Mbit avpkt 1000 > > > > > > tc class add dev eth0 parent 10:0 classid 10:1 cbq bandwidth 10Mbit \ > > > rate 100Mbit allot 1514 weight 1Mbit prio 8 maxburst 20 avpkt 1000 > > > > > > tc class add dev eth0 parent 10:1 classid 10:100 cbq bandwidth 100Mbit \ > > > rate 128kbit allot 1514 weight 80Kbit prio 5 maxburst 20 avpkt 1000 \ > > > bounded > > > > > > tc qdisc add dev eth0 parent 10:100 sfq quantum 1514b perturb 15 > > > > > > tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip \ > > > dst 192.168.3.0/24 flowid 10:100 > > > > _______________________________________________ > > LARTC mailing list / LARTC@mailman.ds9a.nl > > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/ > > -- > Admera Solution Provider AB > Tel: 0733-850 814 > Position: 55°36´13N 13°03´36EContent-Description: Card for Fredrik Rambris -- PowerDNS Versatile DNS Services Trilab The Technology People ''SYN! .. SYN|ACK! .. ACK!'' - the mating call of the internet
On Wed, Oct 18, 2000 at 01:39:56PM +0200, Fredrik Rambris wrote:> > You can also use the ingress policer but that''s a bit after the fact, as the > > HOWTO says ''like throwing away half the letters you receive, in the hope > > that people will stop sending you them''. > > I could live with that (if it works). In the shaping example in the > howto. How would ingress be implemented? What''s the syntax?See the dDoS example in the HOWTO, it installs an ingress policer on SYN packets. I tried it at home and had some problems, tc gave an error, but perhaps I lack features in the kernel. Regards, bert hubert -- PowerDNS Versatile DNS Services Trilab The Technology People ''SYN! .. SYN|ACK! .. ACK!'' - the mating call of the internet