Re: [LARTC] Duplexing

From: Rene Gallati <lartc@draxinusom.ch>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Duplexing
Date: Mon, 09 Aug 2004 15:06:38 +0000	[thread overview]
Message-ID: <411792FE.7090508@draxinusom.ch> (raw)
In-Reply-To: <41178695.20908@ycc.com>

Hello,

> The recent thread titled:
>    working ftp shaping, i think
> provided a script example where 100Mbps was specified as the rate for a 
> typical NIC.
> 
> If that NIC is connected to a switch, chances are that it runs at 
> 100Mbps in each direction concurrently - duplexed  Writing a rule that 
> specifies a 100Mbps rate and thereby a 100Mbps ceil, limits the 
> connection to half the available bandwidth.
> 
> I haven't seen anything in tc (not iptables) that addresses direction - 
> inbound or outbound.
> Is there a way of writing rules that take duplexing into account so that 
> you end up with 2 virtual devices, each capable of 100Mbps, but the 
> traffic is direction specific?

Traffic shaping is generally only outgoing, that is why you need to pull 
many tricks to be able to *shape* (means control speed) inbound and not 
only *police* (only drop/allow through).

You cannot tell the senders on the internet how fast they should send to 
you so you can only shape outgoing. With IMQ you can shape incoming, 
however you already received the packets so delaying/dropping them may 
not be useful.

If you have an internet gateway, you can of course shape both 
directions, at least what is going through the box. What comes in on 
eth0 is then outbound on eth1 for example and you can again shape outgoing.

Shaping makes most sense where the traffic originates. With that said, I 
hope your question is answered: Even in full duplex you only have 
100mbits going out which you can shape.

In iptables you can always specify direction. The built-in chain INPUT 
is only traversed when a packet is inbound *and terminates* on the 
machine (local service recieves packet). OUTPUT is only traversed when a 
packet goes out of a machine and has been created on that machine (ie 
service / program sent data on that machine) and FORWARD is all traffic 
that comes in on one interface and goes out to another interface, 
thereby passing through the machine/gateway.

Furthemore you can select the input and output interfaces in a given 
FORWARD rule by the -i and -o matches giving you a direction in the 
forward case. In OUTPUT or INPUT the direction is already known by the 
chain name.

If you jump from both INPUT and OUTPUT into the same user-defined chain, 
you can use -i and -o respectively.

tc always uses outgoing unless you're working on the INGRESS special 
case. To shape incoming via IMQ, you need an IMQ dummy interface on 
whose "outgoing" direction you can shape again.

So to answer your last question, yes using the IMQ device you can shape 
inbound. Otherwise you can only shape outgoing or police incoming using 
INGRESS.

-- 

C U

      - -- ---- ----- -----/\/  René Gallati  \/\---- ----- --- -- -
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/