I am having a problem with Ingress limiting. I need to limit a interface
to 6Mbit of traffic incoming and outgoing. Below is what I am trying to
do. I know that it would be best to limit the incoming traffic at the
upstream router. But, this is not an option. I need to limit traffic
only on the Internet connection. Each of these machines will have at
least one ethernet segment, but could have many other interfaces.
Linux Box
*----* eth1
Internet(eth0) | |--------
---------------| |
(6Mb in+out) | |----\
*----* |
Other Interfaces?
So, here is how I am thinking about doing this. I want to put an ingress
qdisc on the Internet side (eth0) to control the incoming bandwidth. Then
I want to put a CBQ+TBF to do the limiting on the outbound side. I
don''t
have a problem with the outbound traffic. But I can''t seem to get the
Ingress stuff to work. Here is what I am trying to do...
tc qdisc add dev eth0 handle ffff: ingress
ipchains -A input -i eth0 -s 0.0.0.0/0 -d 0.0.0.0/0 -m 1
ipchains -A output -i eth0 -s 0.0.0.0/0 -d 0.0.0.0/0 -m 2
tc filter add dev eth0 parent ffff: protocol ip prio 1 handle 1 fw \
police rate 6000kbit burst 40k drop
This is not working, I don''t see any data coming over the ingress
qdisc.
Should this work? Is their a better way of doing this( I think I need to
limit only on the internet connection )? I am currently using linux
2.2.14 with the DS-8 patch and I have new iproute2 utils. Thanks in
advance...
josh