[LARTC] Duplexing

[LARTC] Duplexing

[Bill Gradwohl]

The recent thread titled:
    working ftp shaping, i think
provided a script example where 100Mbps was specified as the rate for a 
typical NIC.

If that NIC is connected to a switch, chances are that it runs at 
100Mbps in each direction concurrently - duplexed  Writing a rule that 
specifies a 100Mbps rate and thereby a 100Mbps ceil, limits the 
connection to half the available bandwidth.

I haven't seen anything in tc (not iptables) that addresses direction - 
inbound or outbound.
Is there a way of writing rules that take duplexing into account so that 
you end up with 2 virtual devices, each capable of 100Mbps, but the 
traffic is direction specific?

-- 
Bill Gradwohl
bill@ycc.com
http://www.ycc.com
SPAMstomper Protected email

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Duplexing

[Tomas Simonaitis]

In tc, with egress you control outbound traffic, with ingress inbound.
Usually only outbound traffic is controlled, as you can't really force others 
to send slower (see more here http://lartc.org/howto/lartc.qdisc.html)

On Monday 09 August 2004 17:13, Bill Gradwohl wrote:
> The recent thread titled:
>     working ftp shaping, i think
> provided a script example where 100Mbps was specified as the rate for a
> typical NIC.
>
> If that NIC is connected to a switch, chances are that it runs at
> 100Mbps in each direction concurrently - duplexed  Writing a rule that
> specifies a 100Mbps rate and thereby a 100Mbps ceil, limits the
> connection to half the available bandwidth.
>
> I haven't seen anything in tc (not iptables) that addresses direction -
> inbound or outbound.
> Is there a way of writing rules that take duplexing into account so that
> you end up with 2 virtual devices, each capable of 100Mbps, but the
> traffic is direction specific?
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Duplexing

[David Boreham]

> I haven't seen anything in tc (not iptables) that addresses direction - 
> inbound or outbound.

Shaping is always done on outbound traffic only.
You can't shape incoming traffic -- it arrives at
whatever rate the sender at the other end decides
to sent at.


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Duplexing

[John Sullivan]

At 16:26 09/08/2004, you wrote:

>In tc, with egress you control outbound traffic, with ingress inbound.
>Usually only outbound traffic is controlled, as you can't really force others
>to send slower (see more here http://lartc.org/howto/lartc.qdisc.html)

That said, TCP/IP will just resend a packet it it doesn't get an ACK that 
it's been received, so you can limmit incoming traffic to a degree just by 
throwing away overspeed stuff until you're ready to deal with it...

Me...

-- 
John Sullivan                    Y si el Hombre debe tener a un enemigo
john@benzo8.org                         Déjalo ser su orgullo bélico...
gpg: 1024D/701EE513  AEFC E06D 8D5C 6099 0576  6832 2734 5FD0 701E E513 

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Duplexing

[Rene Gallati]

Hello,

> The recent thread titled:
>    working ftp shaping, i think
> provided a script example where 100Mbps was specified as the rate for a 
> typical NIC.
> 
> If that NIC is connected to a switch, chances are that it runs at 
> 100Mbps in each direction concurrently - duplexed  Writing a rule that 
> specifies a 100Mbps rate and thereby a 100Mbps ceil, limits the 
> connection to half the available bandwidth.
> 
> I haven't seen anything in tc (not iptables) that addresses direction - 
> inbound or outbound.
> Is there a way of writing rules that take duplexing into account so that 
> you end up with 2 virtual devices, each capable of 100Mbps, but the 
> traffic is direction specific?

Traffic shaping is generally only outgoing, that is why you need to pull 
many tricks to be able to *shape* (means control speed) inbound and not 
only *police* (only drop/allow through).

You cannot tell the senders on the internet how fast they should send to 
you so you can only shape outgoing. With IMQ you can shape incoming, 
however you already received the packets so delaying/dropping them may 
not be useful.

If you have an internet gateway, you can of course shape both 
directions, at least what is going through the box. What comes in on 
eth0 is then outbound on eth1 for example and you can again shape outgoing.

Shaping makes most sense where the traffic originates. With that said, I 
hope your question is answered: Even in full duplex you only have 
100mbits going out which you can shape.

In iptables you can always specify direction. The built-in chain INPUT 
is only traversed when a packet is inbound *and terminates* on the 
machine (local service recieves packet). OUTPUT is only traversed when a 
packet goes out of a machine and has been created on that machine (ie 
service / program sent data on that machine) and FORWARD is all traffic 
that comes in on one interface and goes out to another interface, 
thereby passing through the machine/gateway.

Furthemore you can select the input and output interfaces in a given 
FORWARD rule by the -i and -o matches giving you a direction in the 
forward case. In OUTPUT or INPUT the direction is already known by the 
chain name.

If you jump from both INPUT and OUTPUT into the same user-defined chain, 
you can use -i and -o respectively.

tc always uses outgoing unless you're working on the INGRESS special 
case. To shape incoming via IMQ, you need an IMQ dummy interface on 
whose "outgoing" direction you can shape again.

So to answer your last question, yes using the IMQ device you can shape 
inbound. Otherwise you can only shape outgoing or police incoming using 
INGRESS.

-- 

C U

      - -- ---- ----- -----/\/  René Gallati  \/\---- ----- --- -- -
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/