Hi all,
I'm sure I'm doing something wrong here.
I am trying to set up a rate limit inside another rate limit.
e.g. I have a 512K rate limit on a particular VLAN. I am using an IFB so
that packets passing through the bridge are counted at each port (i.e. the
throughput is limited to 512K, not just the traffic in one direction).
This part works OK, but I also want to limit a particular IP to much
less than that, say 100K. Therefore, overall the VLAN can pass no more
than 512K, and the particular host cannot exceed 100K of that 512K.
Using the config below, I'm able to limit the VLAN to 512K and the
nominated host to 100K, but the total (i.e. nominated host + all other
traffic) adds up to 612K. The child classes are limiting appropriately,
but not respecting the parent class. Anybody care to shed some light on
what I might be doing wrong?
Config as follows:
#!/bin/sh
# Load kernel modules
modprobe ifb numifbs=1000
modprobe act_mirred
# set up raw queuing discipline on ports.
tc qdisc add dev eth0.10 root handle 1:0 cbq bandwidth 100Mbit \
    avpkt 1000 cell 8
tc qdisc add dev eth1.10 root handle 1:0 cbq bandwidth 100Mbit \
    avpkt 1000 cell 8
# bring up IFB
ifconfig ifb10 up
# Add queuing disciplines to IFB
# Raw qdisc first.
tc qdisc add dev ifb10 root handle 1:0 cbq bandwidth 100Mbit \
    avpkt 1000 cell 8
# Now add the rate limit
tc class add dev ifb10 parent 1:0 classid 1:1 cbq bandwidth 100Mbit \
    rate 512Kbit weight 51Kbit prio 5 allot 1514 cell 8 maxburst 20 \
    avpkt 1000 bounded isolated
# Now re-direct all ingress packets to the IFB
tc qdisc add dev eth0.10 ingress
tc qdisc add dev eth1.10 ingress
tc filter add dev eth0.10 parent ffff: protocol ip prio 10 u32 \
    match u32 0 0 flowid 1:1 action mirred egress redirect dev ifb10
tc filter add dev eth1.10 parent ffff: protocol ip prio 10 u32 \
    match u32 0 0 flowid 1:1 action mirred egress redirect dev ifb10
# Now add a 100K rate limit for packets to or from 172.16.1.117, plus
# another 512K rate limit for the entire VLAN.
# Add an unlimited class for un-matched data.
tc class add dev ifb10 parent 1:1 classid 1:2 cbq bandwidth 100Mbit \
    rate 512Kbit weight 51Kbit prio 5 allot 1514 cell 8 maxburst 20 \
    avpkt 1000 bounded isolated
# Add the new class, limited to 100K
tc class add dev ifb10 parent 1:1 classid 1:3 cbq bandwidth 100Mbit \
    rate 256Kbit weight 10KBit prio 5 allot 1514 cell 8 maxburst 20 \
    avpkt 1000 bounded isolated
# Now add the filters to direct traffic to each of the above classes.
tc filter add dev ifb10 parent 1:0 protocol ip prio 1 u32 \
    match ip src 172.16.1.117/32 flowid 1:3
tc filter add dev ifb10 parent 1:0 protocol ip prio 1 u32 \
    match ip dst 172.16.1.117/32 flowid 1:3
tc filter add dev ifb10 parent 1:0 protocol ip prio 2 u32 \
    match u32 0 0 flowid 1:2
Class 1:3 is a 100K rate limit.
1:2 is a 512K rate limit, for otherwise unmatched traffic.
1:2 and 1:3 are both children of 1:1, which is an overall 512K limit.
Should this not set an upper limit for all traffic through ifb10?
Regards,
Leigh
Leigh Sharpe
Network Systems Engineer
Pacific Wireless
Ph +61 3 9584 8966
Mob 0408 009 502
email lsharpe@pacificwireless.com.au
web www.pacificwireless.com.au
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc