Borut Mrak
2001-Feb-05 12:58 UTC
bandwidth limiting when src and dst are on the same interface
Hello!

I have a problem here. I set up a Linux 2.4 machine to do bandwidth limiting for some of our customers. Current setup is something like this:

|--------|      backbone        |-------|               |---------|
|Internet|225.1-----------225.10|limiter|228.1----228.10|cust. gw2|
|--------|        |        eth0 |-------| eth1          |---------|
                  |
                225.20
             |---------|
             |cust. gw.|
             |---------|

225.1 is IP of the border router.
225.10 is "outside" IP of the limiter
225.20 is IP of the customer gw (don't ask...I didn't do this)
228.1 is "inside" IP of the limiter
228.10 is customer2 gw

Now, I have no problems limiting traffic from/to customer2. I do it like this:

tc qdisc add dev eth0 root handle 10: cbq bandwidth 100Mbit avpkt 1000
tc class add dev eth0 parent 10:0 classid 10:1 cbq bandwidth 100Mbit \
   rate 128kbit allot 1514 weight 100kbit prio 5 maxburst 1 avpkt 1000 bounded
tc qdisc add dev eth0 parent 10:1 sfq quantum 1514b perturb 15
tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match \
   ip src xxx.xxx.228.10 flowid 10:1

tc qdisc add dev eth1 root handle 20: cbq bandwidth 100Mbit avpkt 1000
tc class add dev eth1 parent 20:0 classid 20:1 cbq bandwidth 100Mbit \
   rate 128kbit allot 1514 weight 100kbit prio 5 maxburst 1 avpkt 1000 bounded
tc qdisc add dev eth1 parent 20:1 sfq quantum 1514b perturb 15
tc filter add dev eth1 parent 20:0 protocol ip prio 100 u32 match \
   ip dst xxx.xxx.228.10

Now, the 228.10 (customer2) is limited to 128k up/128k down. All nice.

I want to limit the customer on 225.20. It should not be a problem, adjusting routing (225.1<->225.10<->225.20 instead of 225.1<->225.20), then adding this:

tc class add dev eth0 parent 10:0 classid 10:10 cbq bandwidth 100Mbit \
   rate 512kbit allot 1514 weight 100kbit prio 5 maxburst 1 avpkt 1000 bounded
tc qdisc add dev eth0 parent 10:10 sfq quantum 1514b perturb 15
tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip \
   src xxx.xxx.225.20 flowid 10:10

tc class add dev eth0 parent 10:0 classid 10:11 cbq bandwidth 100Mbit \
   rate 512kbit allot 1514 weight 100kbit prio 5 maxburst 1 avpkt 1000 bounded
tc qdisc add dev eth0 parent 10:11 sfq quantum 1514b perturb 15
tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip \
   dst xxx.xxx.225.20 flowid 10:11

Now, this doesn't work. The customer is NOT limited to 512k. Tested. Downloading from ftp (not on our network) was as fast as 143KB (which is waaaaay more than 512kbit, even more than double that).

Now, is it impossible to do limiting that way? I don't know. Another possibility is the limiter sending ICMP redirects, I haven't tried disabling them yet. 225.1 is linux 2.2, 225.10 is linux 2.4 and 225.20 is some 3com ADSL stuff. Is that the problem?

And BTW, these things are mostly from the howto...I don't even know what most of the options mean. I might have screwed up something.

Thanks for answers,
--
Borut
borut.mrak@ijs.si
-----------------
Diplomat: A man who always remembers a woman's birthday but never remembers her age.
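
A check for the setup described in the message above, as an added example that is not part of the original post: the per-class counters from `tc -s class show dev eth0` show whether any packet was ever queued in classes 10:10 and 10:11; counters that stay at zero mean the customer's traffic is either not leaving through the limiter's eth0 or not matching the filters. The function names and the sample output are constructed for illustration, and the field layout assumed is that of iproute2's statistics lines (`class <kind> <classid> ...` followed by `Sent <bytes> bytes ...`).

```shell
#!/bin/sh
# Added example (not from the original post).
# idle_classes reads `tc -s class show dev <if>` output on stdin and prints
# the classid of every class whose "Sent" counter is 0 bytes, i.e. a class
# that no packet has ever been queued in.
idle_classes() {
    awk '
        $1 == "class" { id = $3 }          # e.g. "class cbq 10:10 parent 10: ..."
        $1 == "Sent" && id != "" {         # first statistics line of that class
            if ($2 == 0) print id
            id = ""
        }
    '
}

# Constructed sample of the statistics output, using the classids from the
# post; the counter values are invented for the demonstration.
sample_stats() {
    cat <<'EOF'
class cbq 10: root rate 100Mbit (bounded,isolated) prio no-transmit
 Sent 48211034 bytes 41873 pkt (dropped 0, overlimits 0 requeues 0)
  borrowed 0 overactions 0 avgidle 81 undertime 0
class cbq 10:1 parent 10: leaf 8001: rate 128Kbit (bounded) prio 5
 Sent 9120344 bytes 8102 pkt (dropped 37, overlimits 2210 requeues 0)
  borrowed 0 overactions 1105 avgidle -2044 undertime 8842
class cbq 10:10 parent 10: leaf 8002: rate 512Kbit (bounded) prio 5
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
  borrowed 0 overactions 0 avgidle 624 undertime 0
class cbq 10:11 parent 10: leaf 8003: rate 512Kbit (bounded) prio 5
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
  borrowed 0 overactions 0 avgidle 624 undertime 0
EOF
}

# On the limiter itself:  tc -s class show dev eth0 | idle_classes
# Offline demonstration:   sh this_script.sh --demo
if [ "${1:-}" = "--demo" ]; then
    sample_stats | idle_classes
fi
```

Run it once before and once during a test download: a class that is listed both times never saw the transfer.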