* [LARTC] Incoming traffic
@ 2007-02-27 16:31 mohican 542003
2007-04-03 19:51 ` Andy Furniss
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: mohican 542003 @ 2007-02-27 16:31 UTC (permalink / raw)
To: lartc
[-- Attachment #1.1: Type: text/plain, Size: 386 bytes --]
Hello,
with the command :
tc filter add dev eth0 parent ffff: protocol ip u32 patch ip src
192.168.2.6police rate 10000kbit burst 10000kbit drop flowid :1
we can limit traffic coming from 192.168.2.6.
I would like:
for 192.168.1.2, 192.168.1.4 limit to 10mbit
for 192.168.1.3, 192.168.1.5 limit to 20mbit
other ip would have no limit.
Is it possible with tc ?
Regards
Olivier.
[-- Attachment #1.2: Type: text/html, Size: 647 bytes --]
[-- Attachment #2: Type: text/plain, Size: 143 bytes --]
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [LARTC] Incoming traffic
2007-02-27 16:31 [LARTC] Incoming traffic mohican 542003
@ 2007-04-03 19:51 ` Andy Furniss
2007-04-04 20:40 ` Andy Furniss
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Andy Furniss @ 2007-04-03 19:51 UTC (permalink / raw)
To: lartc
mohican 542003 wrote:
> Hello,
>
> with the command :
> tc filter add dev eth0 parent ffff: protocol ip u32 patch ip src
> 192.168.2.6police rate 10000kbit burst 10000kbit drop flowid :1
> we can limit traffic coming from 192.168.2.6.
>
> I would like:
> for 192.168.1.2, 192.168.1.4 limit to 10mbit
> for 192.168.1.3, 192.168.1.5 limit to 20mbit
> other ip would have no limit.
>
> Is it possible with tc ?
Should be possible - do you mean .2 and .4 share 10mbit or get 10mbit each?
Andy.
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [LARTC] Incoming traffic
2007-02-27 16:31 [LARTC] Incoming traffic mohican 542003
2007-04-03 19:51 ` Andy Furniss
@ 2007-04-04 20:40 ` Andy Furniss
2007-09-25 14:57 ` [LARTC] incoming traffic mohican 542003
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Andy Furniss @ 2007-04-04 20:40 UTC (permalink / raw)
To: lartc
mohican 542003 wrote:
> Hello,
>
> I would like that .2 and .4 share 10mbit and .3 and .5 share 20 mbit.
>
> I finally use tcindex that works fine. u32 can only be used with one IP,
> and iptables cannot mark packet for incoming traffic.
>
> Do you have another suggestion ?
There are things called shared meters - though I think that name is a
bit misleading as to their usefullness.
You can use them to make policers from different matches behave as one,
so it is possible to do as you want - it won't be a fair share though.
The iptables issue is because the place policers hook changed - on 2.4s
and if you config your kernel the right way (don't select packet action,
and then select the old/depreciated policer) it will see packets after
iptables prerouting, the default on 2.6s is to hook before netfilter.
Andy.
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 6+ messages in thread
* [LARTC] incoming traffic
2007-02-27 16:31 [LARTC] Incoming traffic mohican 542003
2007-04-03 19:51 ` Andy Furniss
2007-04-04 20:40 ` Andy Furniss
@ 2007-09-25 14:57 ` mohican 542003
2007-09-25 15:09 ` mohican 542003
2007-09-25 21:26 ` Peter V. Saveliev
4 siblings, 0 replies; 6+ messages in thread
From: mohican 542003 @ 2007-09-25 14:57 UTC (permalink / raw)
To: lartc
[-- Attachment #1.1: Type: text/plain, Size: 733 bytes --]
Hello,
i made this script :
tc qdisc add dev eth0 handle ffff: ingress
tc filter add dev eth0 parent ffff: protocol ip prio 1 u32 match ip src
138.96.20.0 police index 1 rate 20000kbit burst 20000kbit drop flowid :1
tc filter add dev eth0 parent ffff:1 protocol ip prio 1 u32 match ip src
138.96.20.23 police index 2 rate 15000kbit burst 15000kbit drop flowid :2
tc filter add dev eth0 parent ffff:1 protocol ip prio 1 u32 match ip src
138.96.20.10 police index 3 rate 10000kbit burst 10000kbit drop flowid :3
The main goal is to limit incoming traffic from 138.96.20.23 to 15000kbit
and the incoming traffic from 138.96.20.10 to 10000kbit. But the total must
not exceed 20000kbit.
Does anyone have an idea ?
Thanks.
Olivier.
[-- Attachment #1.2: Type: text/html, Size: 957 bytes --]
[-- Attachment #2: Type: text/plain, Size: 143 bytes --]
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 6+ messages in thread
* [LARTC] incoming traffic
2007-02-27 16:31 [LARTC] Incoming traffic mohican 542003
` (2 preceding siblings ...)
2007-09-25 14:57 ` [LARTC] incoming traffic mohican 542003
@ 2007-09-25 15:09 ` mohican 542003
2007-09-25 21:26 ` Peter V. Saveliev
4 siblings, 0 replies; 6+ messages in thread
From: mohican 542003 @ 2007-09-25 15:09 UTC (permalink / raw)
To: lartc
[-- Attachment #1.1: Type: text/plain, Size: 733 bytes --]
Hello,
i made this script :
tc qdisc add dev eth0 handle ffff: ingress
tc filter add dev eth0 parent ffff: protocol ip prio 1 u32 match ip src
138.96.20.0 police index 1 rate 20000kbit burst 20000kbit drop flowid :1
tc filter add dev eth0 parent ffff:1 protocol ip prio 1 u32 match ip src
138.96.20.23 police index 2 rate 15000kbit burst 15000kbit drop flowid :2
tc filter add dev eth0 parent ffff:1 protocol ip prio 1 u32 match ip src
138.96.20.10 police index 3 rate 10000kbit burst 10000kbit drop flowid :3
The main goal is to limit incoming traffic from 138.96.20.23 to 15000kbit
and the incoming traffic from 138.96.20.10 to 10000kbit. But the total must
not exceed 20000kbit.
Does anyone have an idea ?
Thanks.
Olivier.
[-- Attachment #1.2: Type: text/html, Size: 1349 bytes --]
[-- Attachment #2: Type: text/plain, Size: 143 bytes --]
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [LARTC] incoming traffic
2007-02-27 16:31 [LARTC] Incoming traffic mohican 542003
` (3 preceding siblings ...)
2007-09-25 15:09 ` mohican 542003
@ 2007-09-25 21:26 ` Peter V. Saveliev
4 siblings, 0 replies; 6+ messages in thread
From: Peter V. Saveliev @ 2007-09-25 21:26 UTC (permalink / raw)
To: lartc
<skip />
> Hello,
>
> i made this script :
> tc qdisc add dev eth0 handle ffff: ingress
<skip />
> The main goal is to limit incoming traffic from 138.96.20.23 to 15000kbit
> and the incoming traffic from 138.96.20.10 to 10000kbit. But the total must
> not exceed 20000kbit.
<skip />
Does it work? Afair, such setup is possible only with htb/cbq, not with
policing filters. But I can stumble.
If so, consider to use imq (which can be unstable) or to shape outgoing
traffic, if it is applicable (e.g., on a router).
If you do not have imq, but use OpenVZ or Xen with network in routed mode, you
can try to use htb to shape traffic to a VE.
--
Peter V. Saveliev
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2007-09-25 21:26 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-02-27 16:31 [LARTC] Incoming traffic mohican 542003
2007-04-03 19:51 ` Andy Furniss
2007-04-04 20:40 ` Andy Furniss
2007-09-25 14:57 ` [LARTC] incoming traffic mohican 542003
2007-09-25 15:09 ` mohican 542003
2007-09-25 21:26 ` Peter V. Saveliev
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.