similar to: ingress policing based on source address?

Hi all I started playing with tcng to generate my tc rules, but I have some difficulty implementing my rules... The script below generates an error: # Device eth0 tc qdisc add dev eth0 ingress beginner.tc:2: don''t know how to build meter for this The script is below, I changed the real IP numbers for XXs and YYs, since it doesn''t really matter what they are. eth0 is the

I have a router with 3 network interfaces like in the following ASCII diagram below. All interfaces are 100mbit. There is tcp traffic being sent from net1 to net3 and from net2 to net3 and the tcp connections consume as much bandwidth as possible. There is a pfifo queue on the egress interface eth0 of the core router with a limit of 10 packets. net1 --> (eth1) router (eth0) -> net3

[I sent this earlier but I guess the list is subscriber-only?] I just set up wondershaper, it has a simple filter on the downstream direction to limit the bandwidth usage: tc qdisc add dev $DEV handle ffff: ingress tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \ 0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1 This is effective but is there any way to

ingress can be used to control the incoming packet, such as: tc qdisc add dev eth0 handle ffff: ingress tc filter add dev eth0 parent ffff: protocol ip prio 5 u32 match ip src 172.16.1.11 police rate 10kbit burst 10k drop flowid :1 tc filter add dev eth0 parent ffff: protocol ip prio 5 u32 match ip src 172.16.1.22 police rate 10kbit burst 10k drop flowid :2 first ,I do not sure these method can

Hi, I notice that if two or more existing connections match an ingress policing filter, the input bandwidth does not get evenly divided up between the n connections. Kinda like litters of baby animals, where the stronger babies get more access to the mothers teats and grow up bigger and faster than their siblings. The only workaround that''s working for me is to set explicit ingress

I''m trying to do some very simple rate-shaping on an interface. I want to limit my 100baseT interface to 7 megs both ingress and egress of the interface. I''ve been hacking my way through the documentation and some examples and I''ve come up with the following configuration for tcng that seems to do what I want. I''m curious if some of the other experts out

I''m trying to set up a traffic control on ingress attaching a egress qdisc to the ifb device. The idea is to use a RED algorithm instead of policing the incoming traffic. After trying with tc-red and not obtaining the expected results, I decided to try with something easier, and use htb as bottleneck: ifconfig ifb0 up tc qdisc del dev $dev ingress tc qdisc del dev ifb0 root tc qdisc add

I have two interfaces, eth0 and eth1 but i can''t discern the egress traffic than ingress traffic. I need to apply htb qdisc in both directions, and I read that I need the IMQ patch to do this, because in ingress qdisc i can''t apply htb qdisc...but where is the ingress qdisc? affect the traffic that goes from eth0 to eth1 or is for the traffic that goes from eth1 to eth0?

I am successfully running ingress (IMQ) and egress (HTB) shaping on a bridge. Is there any way to combine and share the bandwidth between ingress and egress? Example: I have set up www service for egress at 128 KB and ingress at 256 KB. The shaping on them works fine separately. However, I want to create a single virtual pipe for www traffic and limit both ingress and egress combined to 256 KB.

I''m having trouble getting ingress policing to work on a bridged device. The bridge contains several interfaces: peth0, vif0.0, vif[1-7]0.1, vif[25].1 . (This is under xen, in case the vif''s didn''t give that away, so peth0 is renamed eth0.) The tc rules I have are: tc qdisc del dev peth0 root tc qdisc del dev peth0 ingress handle ffff: tc qdisc add dev peth0 root

Hi all, I have 2 questions regarding policing 1. What is the problem with policing as in most mesages I can find people say don''t but I have not found a why? 2. I have the egress below working (numbers in example are bogus, I know). How do I add an ingress policy? /* compile this file with tcc filename > limit.sh and run that file */ dev eth1 { egress { class (

Hi, I''m having issues with policing my incoming traffic by matching packet marks made by iptables. I''ve checked as many sites and guides as I can find, and I seem to be doing the exact same thing as they all are, but there''s still no success. As such, I was wondering if anyone can have a quick look to see if I''ve done anything obviously stupid? Essentially, I

Hi, I am trying to do both ingress and egress bandwidth management on a bridge. eth0 is the WAN interface. IPTraf shows that the following script is running successfully and it limits bandwidth both ways to 256 KB However when I want to see the statistics using tc - it only shows me stats for htb class and not for ingress class. The tc output is as follows: tc -s -d class show dev eth0 class

Hi, I have a Debian that is connected to Internet in eth0, and to a LAN in eth1. I wanted to control traffic with HTB, dividing it depending on what kind of traffic is (Mail, Application Server and others). Would it be good to use HTB qdisc in eth0 egress to control outgoing traffic and HTB qdisc in eth1 egress to control incoming traffic? Or the only way to control incoming traffic is with eth0

Hello everybody on the list, I have the following situation where I want to police the speed of incoming packets from specific subnets to 1024kbps and then police all the rest to 256kbps, which is the speed my ISP grants for the rest of the internet. So, eth1 is the one connected to the cable modem and then to the internet. I do: tc qdisc add dev eth1 ingress handle ffff: then: tc filter

Hi, I''m trying to police the incoming traffic by using ingress qdisc,this is what I have in my script tc qdisc add dev eth0 handle ffff: ingress tc filter add dev eth0 parent ffff: protocol ip prio 4 \ handle 1: u32 divisor 1 tc filter add dev eth0 parent ffff: protocol ip prio 4 u32 \ match ip dport 4001 0xffff \ police rate 2000kbit burst 50k drop \ flowid

hello again, I got some just preliminary results .... hope someone can explain them to me... As I already told I have the following config : egress { class (30kbps) {sfq}; class (50kbps) {sfq}; class (80kbps) {sfq}; class (30kbps) {sfq}; class (50kbps) {sfq}; ...hundreds like this... class (10kbps,default) {sfq}; } What I got is traffic starvation very often for a period of ~30 sec.. as

Hello, I am using the following iptables POSTROUTING rule to NAT some RFC 1918 addresses: iptables -t nat -A POSTROUTING -s 192.168.19.23 ! 192.168.0.0/255.255.0.0 -p tcp --dport 80 -j SNAT --to-source 10.32.4.2 (I am using SNAT instead of MASQUERADE for performance reasons). I have several addresses on the 192.168.0.0/16 subnet that I am SNAT''ing similarly. Problem is, ''tc

Hi all, ive been reading lartc howto, im new about traffic shaping/police. As far as red (chapter 9 complete) i saw that first the packet passes at the ingress qdisc, then it passes to the ip stack if the packet is directed to the box or its forwarded (is my case), then it falls to the egress classifier/s. Now, i understand if i have an ipsec vpn at the outside interface, the egress

Hi, I have a Debian based NAT router. How can I manage upstream egress bandwidth based on the LAN ipadress in the network below? My goal is that host1 get a minumum of 10Mbit up/down and host2 gets a minimum of 90Mbit up/down, both max 100Mbit up/down? targethost 172.16.255.254 | | 172.16.0.1 natrouter