similar to: tc ingress policing with multiple subnets

Hi all, i have a problem: i have an adsl modem that is connected to internet. I can''t manage this modem. Between my PC and the modem i have a linux firewall that make the NAT and the traffic shapping. I have create a script that limit the bandwidth of the "external" interface of the firewall so i can manage my bandwidth for my internet application. The problem is that i need to

Hi, I''m new at traffic control and was reading up on HTB and using it to put an upper limit on traffic. I have a 256k DSL with 64k upload (which translates to about 5/6KB uploads). The machine running the P2P applications keeps filling up the 64K so my browsing from other machines in the network ends up being very slow. Since there are several P2P applications, I wanted to set the

Hi all, I have 2 questions regarding policing 1. What is the problem with policing as in most mesages I can find people say don''t but I have not found a why? 2. I have the egress below working (numbers in example are bogus, I know). How do I add an ingress policy? /* compile this file with tcc filename > limit.sh and run that file */ dev eth1 { egress { class (

Hi all I started playing with tcng to generate my tc rules, but I have some difficulty implementing my rules... The script below generates an error: # Device eth0 tc qdisc add dev eth0 ingress beginner.tc:2: don''t know how to build meter for this The script is below, I changed the real IP numbers for XXs and YYs, since it doesn''t really matter what they are. eth0 is the

Hello, i try to use iptables to mark packet and then to filter them with tc. Here is my script: iptables -t mangle -A PREROUTING -s 172.28.54.41/32 -p tcp -j MARK --set-mark 1 tc qdisc add dev eth0 handle ffff: ingress tc filter add dev eth0 parent ffff: protocol ip prio 1 handle 1 fw police rate 10000kbit burst 10000kbit mtu 1500k drop flowid :1 I can not use u32 because i have several

Hi everyone, I''m new to tc but I need to use it to set up shaping on a new NAT box. In short: Each user must have their upload limited to 128kbit and downlink limited to 256kbit. Global bandwidth to be limited to 100Mbit Interactive packets to have higher priority 200+ users, so need to match packets fast So far I have managed to get the download limits working. However I need to

Hi, I''m trying to police the incoming traffic by using ingress qdisc,this is what I have in my script tc qdisc add dev eth0 handle ffff: ingress tc filter add dev eth0 parent ffff: protocol ip prio 4 \ handle 1: u32 divisor 1 tc filter add dev eth0 parent ffff: protocol ip prio 4 u32 \ match ip dport 4001 0xffff \ police rate 2000kbit burst 50k drop \ flowid

Hi all I''m new to this list, but not exactly to iproute stuff. I''d like to solve a specific problem with bandwidth coming from different external sources towards the internal network (also the other way around, but I figure that''s not so much a problem, since that is egress traffic shaping). The network looks like this: internet ------ ISP-------[shaping/router]

I''m having trouble getting ingress policing to work on a bridged device. The bridge contains several interfaces: peth0, vif0.0, vif[1-7]0.1, vif[25].1 . (This is under xen, in case the vif''s didn''t give that away, so peth0 is renamed eth0.) The tc rules I have are: tc qdisc del dev peth0 root tc qdisc del dev peth0 ingress handle ffff: tc qdisc add dev peth0 root

Dear all, I have 3 backbones for my local network. 1st backbone: down 1024kbps, up 1024kbps through eth1 2nd backbone: down 2048kbps, up 2048kbps through eth2 3rd backbone: down 1024kbps, up 128kbps through eth3 Local network: 192.168.0.0/16 through eth0 Router: Linux Slakware 11 with iproute2 Please let me know how to shape both incoming and outgoing traffic for this case. LARTC doc only

[I sent this earlier but I guess the list is subscriber-only?] I just set up wondershaper, it has a simple filter on the downstream direction to limit the bandwidth usage: tc qdisc add dev $DEV handle ffff: ingress tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \ 0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1 This is effective but is there any way to

Hi Folks, I''m using a 2.4.x kernel and TC from the iproute2 package so that I can limit traffic through my gateway. I''m using this to mark packets when they leave the LAN: /sbin/ipchains -A forward -j MASQ -i eth0 -s 192.168.1.0/24 -d 0.0.0.0/0 -m 1 When the packets return, I need to have them marked again so that the ingress filter will limit the bandwidth in the opposite

Hi, I''m having issues with policing my incoming traffic by matching packet marks made by iptables. I''ve checked as many sites and guides as I can find, and I seem to be doing the exact same thing as they all are, but there''s still no success. As such, I was wondering if anyone can have a quick look to see if I''ve done anything obviously stupid? Essentially, I

Hi, I notice that if two or more existing connections match an ingress policing filter, the input bandwidth does not get evenly divided up between the n connections. Kinda like litters of baby animals, where the stronger babies get more access to the mothers teats and grow up bigger and faster than their siblings. The only workaround that''s working for me is to set explicit ingress

Hi stef and all I want measure the policy perfomance for video traffic on mpls diffserv network. there are two different polices for video packet 1. Video packets that are marked that are over the limit are to be rejected at the edge router. 2. Video packets that are marked that are over the limit are to be downgraded as best effort and are sent through. Before video enter my mpls

I have done the "definitive test" in my adsl line, using a real computer: * Without incoming traffic management, my dns can take about 30s or more to resolve a domain (when it resolve, sometimes it doesn''t) when my adsl line is saturated. So the queue of my ISP doesn''t give preference to the dns (at the reverse, is it seems penalyzed), But doing 3 paralell ftps (and

Hello list! In am stuck in getting the wondershaper script working. The last line of the script (tc filter add dev eth0 parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate 1800kbit burst 10k drop flowid :1) produces the following error: RTNETLINK answers: Invalid argument Could somebody please give me a hint on how to fix this? Regards, borghart

Hi, I''m trying to police ingress traffic based on port numbers and IP addresses. The u32 match based on IP addresses seems to work without issues and I''m am able to police incoming packets. However, the same isn''t working with u32 matches based on TCP port numbers. For port numbers, I added exactly one ''u32 match'' rule: common for both: # tc qdisc add

Hi, I am new to tc and have been reading quite a bit on how to set it up etc. Everything seems to be working fine, until I started scp-ing a large file over a low bandwidth connection as part of my testing process. Here is the setup: my pc --- bridge running tc/htb --- rest of network TC is filtering traffic from "my pc" and classifies it as 120kbit (see my script below). I then scp a

Hi guys , i am starting to "play" with qos in linux. Well , i am trying to setup an ingress filter but i do not know why it is not working. tc add qdisc dev eth0 ingress tc filter add dev eth0 parent ffff: protocol ip prio 1 handle 1 fw police rate 160kbit burst 256kbit drop flowid :1 After that : iptables -A PREROUTING -t mangle --sport 80 -j MARK --set-mark 1 So , i think this