Displaying 20 results from an estimated 7000 matches similar to: "Strategy for penalising IPs with too many simultaneous sessions"
2005 Dec 05
13
Theory test
Guys
Considering the festive season is upon us, thanks to everyone
contributing to the list and helping all the readers with your great
input! I don't want to mention names, I'll most certainly leave
someone out.
With this mail I''d like to test some theory on bandwidth management,
with my own successes and failures during the past year.
Sharing a link between 200
2003 Jun 25
2
Combining ingress and egress ( IMQ+HTB)
I am successfully running ingress (IMQ) and egress (HTB) shaping on a
bridge.
Is there any way to combine and share the bandwidth between ingress and
egress?
Example:
I have set up www service for egress at 128 KB and ingress at 256 KB. The
shaping on them works fine separately. However, I want to create a single
virtual pipe for www traffic and limit both ingress and egress combined to
256 KB.
2004 Jun 08
11
how flexible is ingress traffic policing to bandwidth limit?
[I sent this earlier but I guess the list is subscriber-only?]
I just set up wondershaper, it has a simple filter on the downstream
direction to limit the bandwidth usage:
tc qdisc add dev $DEV handle ffff: ingress
tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \
0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1
This is effective but is there any way to
2004 Jul 06
7
Simply IMQ
I've followed this list for quite a long time and have even posted a couple
of times. I used the early versions of IMQ from Devik (I think that was his
name), and it worked well. I only ever got the chance to implement it in my
test environment. I now need to implement it in my production environment.
My Linux core router has nine interfaces and has a 27 megabit connection to
the
2006 Jul 02
3
IFB working
How to use IFB as replacement of IMQ
There is not much documentation about it
Please explain with example
2004 Dec 20
2
How can I discern egress traffic than ingress traffic?
I have two interfaces, eth0 and eth1 but I can't
discern the egress traffic than ingress traffic. I
need to apply htb qdisc in both directions, and I read
that I need the IMQ patch to do this, because in
ingress qdisc I can't apply htb qdisc...but where is
the ingress qdisc? affect the traffic that goes from
eth0 to eth1 or is for the traffic that goes from eth1
to eth0?
2004 Apr 22
2
ingress policing based on source address?
Hi all
I'm new to this list, but not exactly to iproute stuff.
I'd like to solve a specific problem with bandwidth coming from
different external sources towards the internal network (also the other
way around, but I figure that's not so much a problem, since that is
egress traffic shaping).
The network looks like this:
internet ------ ISP-------[shaping/router]
2004 Apr 24
9
newbie: TC[NG] with (256kbit/s down and 768kbit/s up) on a router
Hi all,
this is really not really very easy to understand, or, to get in.
Well, I've the following configuration on the router box:
LAN
- interface: eth0
- network: 192.168.2.5/24
- bandwidth: 100Mbit/s
INET interface
- interface: ppp0
- network: .dynamic.ip./0
- bandwidth: DOWN=1536kbit/s and UP=256kbit/s
the LAN interface is to serve 6 other clients with internet and
2004 Sep 03
3
traffic queueing and ipsec vpn
Hi all, I've been reading lartc howto, I'm new about traffic shaping/police.
As far as red (chapter 9 complete) I saw that first the packet passes at the
ingress qdisc, then it passes to the ip stack if the packet is directed to
the box or it's forwarded (is my case), then it falls to the egress
classifier/s.
Now, I understand if I have an ipsec vpn at the outside interface, the
egress
2004 Jan 27
3
tncg and bandwidth limiting
I'm trying to do some very simple rate-shaping on an interface. I want to
limit my 100baseT interface to 7 megs both ingress and egress of the
interface. I've been hacking my way through the documentation and some
examples and I've come up with the following configuration for tcng that
seems to do what I want.
I'm curious if some of the other experts out
2004 Sep 17
2
interesting expert problem - shaping over VPN
Here's a challenging problem for you experts to tackle:
I'm trying to shape traffic going into an IPSEC interface which then goes
over a DSL PPPoE interface. I figure I need to shape the DSL interface to
keep its hardware queue mostly empty, and to
2007 Aug 30
17
Question about how TC enforces bandwidth limiting
Hello,
I run one of my PCs as my personal router, with iptables+tc to control
traffic and be my firewall.
In TC, I use a combination of htb, qdisc and sfq (as well as prio) to
classify bandwidth. In my current setup, I have 10 classifications of my
bandwidth. (Even I admit this is probably more than I need, but at this
point I'm still learning, so I'll just leave them be.)
2006 Aug 08
4
Info about IFB
Hi, I'm looking for info about IFB devices and how I can use it to
incoming traffic shaping.
Has IFB any web about it?
Does anybody know where I can find more info about it?
I found this:
http://linux-net.osdl.org/index.php/IFB
But I can't stand fine how to use it to allow many ifb's devices or how
to use it with "tc actions".
Any help?
Thanks
2004 May 10
8
Packet marking for ingress shaping and NET
Hi,
I have typical situation, local LAN with private addresses, translated
via NAT to internet. I need to shape ingress traffic (from internet to
local LAN) in several HTB queues according to destination (private not
public) IP. So I need mark packets to divide them to corresponding
queue. According to http://www.docum.org/stef.coene/qos/kptd/ I think I
have only one way how to do it, because
2007 Mar 28
4
modprobe ifb
I'm trying to set up a traffic control on ingress attaching an egress qdisc to
the ifb device. The idea is to use a RED algorithm instead of policing
the incoming traffic. After trying with tc-red and not obtaining the
expected results, I decided to try with something easier, and use htb
as bottleneck:
ifconfig ifb0 up
tc qdisc del dev $dev ingress
tc qdisc del dev ifb0 root
tc qdisc add
2006 Nov 06
3
Ingress qdisc bypassed on SNAT'ed traffic?
Hello,
I am using the following iptables POSTROUTING rule to NAT some RFC
1918 addresses:
iptables -t nat -A POSTROUTING -s 192.168.19.23 !
192.168.0.0/255.255.0.0 -p tcp --dport 80 -j SNAT --to-source
10.32.4.2
(I am using SNAT instead of MASQUERADE for performance reasons).
I have several addresses on the 192.168.0.0/16 subnet that I am
SNAT'ing similarly.
Problem is, 'tc
2004 Jan 19
5
a couple of questions regarding htb
Dear list,
I want to rate-limit a couple of customers in both up and down
directions.
They get a different speed for traffic staying on our network than for
traffic towards/from the internet,
so that's a master class and 2 child classes per customer per interface.
I made a test setup with cbq which worked, but wasn't too reliable I
measured a tolerance of about 30%.
I read
2007 Mar 13
4
Re: Standalone Shaping
On a router, there is no need for an IMQ because there is always an
egress path.
For example:
Internet -> eth1 -> iptables -> routing -> ... -> egress qdisc ->
eth0 -> LAN
LAN -> eth0 -> iptables -> routing -> .... -> egress qdisc -> eth1
-> Internet
Local Process / Proxy -> routing -> iptables -> egress qdisc ->
eth1/eth0 ->
2006 Aug 13
1
ingress and flowid
Hi there,
I am trying to understand our router / firewall, that was configured
by another person. It is a Debian GNU/Linux with several
configurations with tc and iptables.
I have a question about flowid in ingress qdisc. As far as I know,
this qdisc is a dummy one, and flowid is just used with :1 because the
traffic has to be redirected to something.
However, in our router, there are some
2003 Sep 22
14
Proxy Server Routing - One last try
Objective:
All web traffic originating from my proxy server should be forwarded
through interface eth2 instead of the default eth0. The reply should
take the same path back to the proxy server.
Problem:
On the return bout, the kernel doesn't pass the packet to the higher
layers. The reply seems to be getting tossed away between PREROUTING and
INPUT Netfilter chains.