From mboxrd@z Thu Jan 1 00:00:00 1970
From: Ed Wildgoose
Date: Tue, 18 May 2004 06:54:19 +0000
Subject: Re: [LARTC] 2 Questions on filtering incoming stuff
Message-Id: <40A9B31B.5050705@wildgooses.com>
List-Id:
References: <40A92F1A.4030706@wildgooses.com>
In-Reply-To: <40A92F1A.4030706@wildgooses.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Damion de Soto wrote:

> Hi Ed,
>
>> First is: Can I prioritise my "drops" on incoming traffic when the
>> link is overloaded. i.e. instead of just tail dropping, can I "prefer"
>> to drop certain classes of traffic? If so, do I do this by setting
>> up, say, a HTB tree like on the incoming, but the only action at the
>> leaf is to drop?
>
> You can't set up a HTB or any classful qdiscs on incoming traffic, you
> can only create ingress policer filters. You can set up different
> filters with different priorities, to try and drop one particular type
> of traffic more so than others.

Thanks, this is helpful. Thinking about it though, the different filter
priorities aren't going to help too much? e.g. if I want to accept ACKs,
then incoming SMTP, then other bulk downloads, then of course I can set up
prioritised "bands" by limiting some stuff more than others. But I don't
think that a simple priority system will let me accept up to full
bandwidth of each, but dropping in a preferential order? (Or do you think
simply matching each with a 200Kb/s filter in priority order from highest
to lowest will do the trick?)

> If you're using a Linux gateway onto your LAN, then you can use a HTB
> qdiscs on the outgoing (LAN) interface which would do a better job.

Sure. Same problem for local traffic on that machine though.

However, can you apply filters to aliased IP addresses, i.e. the virtual
interfaces eth0:1? Do the filters only apply to the real interfaces
(which I think is true of iptables for example?)

This might also be useful for setting up a bandwidth filter PC using only
a single net card for example (assuming you don't worry about people
bypassing it manually)

Thanks

Ed W