hi everyone,
thanx for the tips om my last traffic shaping question. i've managed to
get a debian bridge (ebtables / bridge-nf patched 2.4.22 kernel w/
newest 'tc') up and running which does firewalling and outgoing shaping.
now, i wanted to try the incoming ingress shaping, but i cant get it to
work: nothing gets shaped. it seems as if the ingress qdisc just isn't
there.. the topology of my test setup is very simple:
www
|
eth0
debian bridge (br0)
eth1
|
switch
|
-----------------
| |
WS1 WS2
i'm only shaping WS2 using HTB and SFQ, which works very nicely. but the
ingress shaping just won't work.
my trafic control setup is as follows:
<-- START -->
TC="/sbin/tc-htb"
WS2="xx.xx.xx.xx/32"
# Delete previous configuration
$TC qdisc del dev eth0 root
$TC qdisc del dev eth0 ingress
# Add root handle. Direct default traffic to class 99.
$TC qdisc add dev eth0 root handle 1: htb default 99
$TC qdisc add dev eth0 ingress handle ffff:
# 256k Upload root class.
$TC class add dev eth0 parent 1: classid 1:1 htb rate 256kbps ceil \
256kbps
# 32k Upload class for ws2.
$TC class add dev eth0 parent 1:1 classid 1:10 htb rate 32kbps ceil \
36kbps burst 16k
# 96k Upload class for default traffic.
$TC class add dev eth0 parent 1:1 classid 1:99 htb rate 96kbps ceil \
128kbps
# ws2 fairness queueing disciplines. Rehash every 10 seconds.
$TC qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
# Fairness queueing discipline for default traffic. Rehash every 10s.
$TC qdisc add dev eth0 parent 1:99 handle 99: sfq perturb 10
# ws2 filters.
$TC filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src \
$WS2 flowid 1:10
$TC filter add dev eth0 parent ffff: protocol ip u32 match ip src \
0.0.0.0/0 police rate 8kbps burst 4k mtu 12k drop flowid :1
<-- END -->
as you can see, i am now trying to limit all the incoming traffic, since
i got no result using filtering (not with u32, not with netfilter
marking). but this doesn't work either. also, when i show the filters,
the entire ingress filter isn't shown:
[EMAIL PROTECTED]: ~ # tc-htb filter show dev eth0
filter parent 1: protocol ip pref 1 u32
filter parent 1: protocol ip pref 1 u32 fh 800: ht divisor 1
filter parent 1: protocol ip pref 1 u32 fh 800::800 order 2048 key
ht 800 bkt 0 flowid 1:10
match 3e3a34ed/ffffffff at 12
though it does exist as a qdisc:
[EMAIL PROTECTED]: ~ # tc-htb qdisc show dev eth0
qdisc sfq 99:
qdisc sfq 10:
qdisc ingress ffff:
qdisc htb 1: r2q 10 default 99 direct_packets_stat 1
and stats show nothing:
[EMAIL PROTECTED]: ~ # tc-htb -s -d qdisc show dev eth0
qdisc sfq 99:
Sent 1058 bytes 18 pkts (dropped 0, overlimits 0)
qdisc sfq 10:
Sent 14748759 bytes 32445 pkts (dropped 0, overlimits 0)
qdisc ingress ffff:
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc htb 1: r2q 10 default 99 direct_packets_stat 1 ver 3.12
Sent 14749883 bytes 32464 pkts (dropped 0, overlimits 13585)
anyone with some experience with this?
regards,
-rodi
