Dear list,

I want to rate-limit a couple of customers in both up and down directions. They get a different speed for traffic staying on our network than for traffic towards/from the internet, so that's a master class and 2 child classes per customer per interface.

I made a test setup with cbq which worked, but wasn't too reliable; I measured a tolerance of about 30%. I read that cbq is not maintained, htb is much more reliable, and I believe I can do the same classful stuff mentioned above with htb. Am I correct?

The box I will use to limit the traffic on has 3 ethernet connections with customers and 1 uplink. I read somewhere that only outgoing traffic can be limited. Is that correct or will limiting of incoming traffic work but isn't it just as reliable?

If I would filter outgoing traffic from the customer on the box, I would have to do that on every interface except for the one the customer is on. Therefore the client will be able to send out more traffic than allowed, if it is spread over multiple outgoing interfaces. Is there a solution to this? I figure I can not make classes that span multiple interfaces to limit the total traffic leaving the box and coming from the customer?

If I use ip aliasing (a la eth0:1), does that mean I would have to make qdiscs/classes for eth0:1 or will the traffic be covered by the qdisc/classes on eth0?

Uhmm, that's enough for now. Thanks a lot to everyone who can help me a bit further.

Serge.

-------------
The contents of this e-mail message and its attachments are subject to the following disclaimer: http://www.zeelandnet.nl/disclaimer.php

> They get a different speed for traffic staying on our network than for
> traffic towards/from the internet,
> so that's a master class and 2 child classes per customer per interface.

Ok.

> I made a test setup with cbq which worked, but wasn't too reliable I
> measured a tolerance of about 30%.
> I read that cbq is not maintained, htb is much more reliable, and I
> believe I can do the same classful
> stuff mentioned above with htb.

Correct.

> The box I will use to limit the traffic on has 3 ethernet connections
> with customers and 1 uplink.
> I read somewhere that only outgoing traffic can be limited.

Only outgoing traffic can be classfully shaped or limited.

> Is that correct or will limiting of incoming traffic work but isn't it
> just as reliable?

It's just not very flexible.

> If I would filter outgoing traffic from the customer on the box, I would
> have to do that on every
> interface except for the one the customer is on. Therefore the client
> will be able to send out
> more traffic than allowed, if it is spread over multiple outgoing
> interfaces.

What is your concern, inter-customer traffic? Or even the Internet traffic can go thru more than one interface?

> Is there a solution to this?

Yes, IMQ. You can do ingress shaping with it, or you can bundle output traffic from various interfaces and shape at a single point.

> If I use ip aliasing (a la eth0:1), does that mean I would have to make
> qdiscs/classes for eth0:1
> or will the traffic be covered by the qdisc/classes on eth0?

No qdiscs for aliases, all traffic is covered at the main interface.

Rubens

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/

> Only outgoing traffic can be classfully shaped or limited.

> > Is that correct or will limiting of incoming traffic work
> > but isn't it just as reliable?
>
> It's just not very flexible.

In what manner? As in no borrowing / lending or as in hard to configure or as in ... ?

> > Therefore the client will be able to send out
> > more traffic than allowed, if it is spread over multiple outgoing
> > interfaces.
>
> What is your concern, inter-customer traffic? Or even the Internet
> traffic can go thru more than one interface?

No, there is one uplink to the internet. The other links go to networks with other customers. But there's quite some inter-customer traffic.

> > Is there a solution to this?
>
> Yes, IMQ. You can do ingress shaping with it, or you can bundle output
> traffic from various interfaces and shape at a single point.

I will check it out then. Is that bundling as in bundling on a loopback interface? I remember that's how Cisco likes to do things.

Thanks for the answers!

Serge.

Hi.

Serge Maandag wrote:

>> Yes, IMQ. You can do ingress shaping with it, or you can bundle output
>> traffic from various interfaces and shape at a single point.
> I will check it out then. Is that bundling as in bundling on a loopback
> interface? I remember that's how Cisco likes to do things.

That's what the IMQ Faq answers to your questions:

=== cut ==
1. What can i do with imq ?

The imq device has two common usage cases:

* Ingress shaping: With linux only egress shaping is possible (except for the ingress queue which can only do ratelimiting). IMQ enables you to use egress qdiscs for real ingress shaping.

* Shaping over multiple interfaces: Qdiscs get attached to devices. A consequence of this is that one qdisc can only handle traffic going to the interface it is attached to. Sometimes it is desirable to have global limits on multiple interfaces. With imq you can use iptables to specify which packets the qdiscs sees, so global limits can be placed.
=== cut ==

Source: http://trash.net/~kaber/imq/faq.html

Hth.

Bye, Mike

Haha, I see that even was the top question in the Faq, sorry..

Thanks for the help.

Serge.

> > <stupid question>
>
> That's what the IMQ Faq answers to your questions:
>
> === cut ==
> 1. What can i do with imq ?
>
> * Ingress shaping:
> * Shaping over multiple interfaces:

> Hth.
>
> Bye, Mike

On Wed, 21 Jan 2004, Serge Maandag wrote:

> > Only outgoing traffic can be classfully shaped or limited.
>
> > > Is that correct or will limiting of incoming traffic work
> > > but isn't it just as reliable?
> >
> > It's just not very flexible.
>
> In what manner? As in no borrowing / lending or as in hard to
> configure or as in ... ?

Ingress only limit, do not shape. Egress can shape or limit, depending on qdisc/classes configuration.

> > What is your concern, inter-customer traffic? Or even the Internet
> > traffic can go thru more than one interface?
>
> No, there is one uplink to the internet. The other links go to networks
> with other customers. But there's quite some inter-customer traffic.

Inter-customer traffic will be limited anyway according to target downlink (from you to customer); it's a freebie that you probably shouldn't mind to give away.

Rubens
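
An added example, not part of the thread and not written by any of its participants: a dry-run shell generator for the HTB layout discussed above (one master class and two child classes per customer), covering only the downlink direction on a customer-facing interface. The interface name, addresses, rates, class-id scheme and function names are assumptions made for illustration.

```shell
#!/bin/sh
# Dry run: prints tc commands instead of running them. Interface, addresses,
# rates and the class-id scheme are constructed for illustration.

# Root HTB qdisc, needed once per customer-facing interface.
htb_root_cmd() {
    echo "tc qdisc add dev $1 root handle 1: htb"
}

# htb_customer_cmds DEV ID CUST_IP LOCAL_NET MASTER LOCAL INET   (rates in kbit)
# ID is a hex prefix: master class 1:<ID>0, local 1:<ID>1, internet 1:<ID>2.
htb_customer_cmds() {
    dev=$1 id=$2 ip=$3 net=$4 master=$5 local_k=$6 inet_k=$7
    for r in "$master" "$local_k" "$inet_k"; do
        case $r in
            ''|0*|*[!0-9]*) echo "bad rate: '$r'" >&2; return 1 ;;
        esac
    done
    # A child ceiling above the master rate could never be reached.
    if [ "$master" -lt 2 ] || [ "$local_k" -gt "$master" ] || [ "$inet_k" -gt "$master" ]; then
        echo "rates out of range" >&2; return 1
    fi
    # Guaranteed rate per child is capped at half the master so the two
    # guarantees never add up to more than the parent; ceil is the real limit.
    half=$((master / 2))
    lrate=$local_k; if [ "$lrate" -gt "$half" ]; then lrate=$half; fi
    irate=$inet_k;  if [ "$irate" -gt "$half" ]; then irate=$half; fi

    echo "tc class add dev $dev parent 1: classid 1:${id}0 htb rate ${master}kbit ceil ${master}kbit"
    echo "tc class add dev $dev parent 1:${id}0 classid 1:${id}1 htb rate ${lrate}kbit ceil ${local_k}kbit"
    echo "tc class add dev $dev parent 1:${id}0 classid 1:${id}2 htb rate ${irate}kbit ceil ${inet_k}kbit"
    # Egress towards the customer: packets sourced inside our own network go
    # to the local class (prio 1 is tried first), everything else to internet.
    echo "tc filter add dev $dev parent 1: protocol ip prio 1 u32 match ip dst $ip/32 match ip src $net flowid 1:${id}1"
    echo "tc filter add dev $dev parent 1: protocol ip prio 2 u32 match ip dst $ip/32 flowid 1:${id}2"
}

# Constructed customer: 10 Mbit total, 10 Mbit on-net, 2 Mbit internet.
htb_root_cmd eth1
htb_customer_cmds eth1 1 10.0.1.5 10.0.0.0/16 10000 10000 2000
```

Review the printed commands first; they only take effect when run as root on the shaping box.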