From: Alexey Talikov <alexey_talikov@texlab.com.uz>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] ingress and egress
Date: Wed, 22 May 2002 06:15:15 +0000 [thread overview]
Message-ID: <marc-lartc-102204819324048@msgid-missing> (raw)
In-Reply-To: <marc-lartc-102194476409224@msgid-missing>
You may route traffic from all devices to one imq and furthure
control it by tc filter with mark or without it i.e. you may
control traffic on two or more network devices (such ethx) simultaneous
i.e. traffic traverse over eth0 and eth1 can't be more then 100kbps, for example
You may create more then two devices
modbrobe imq numdevs=3 (numdevs=1...16)
ip link set imq0 up
ip link set imq1 up
ip link set imq2 up
iptables -t mangle -A PREROUTING -i eth0 -j IMQ --todev 0 (to imq0)
iptables -t mangle -A PREROUTING -i eth1 -j IMQ --todev 1 (to imq1)
etc
also possible
iptables -t mangle -A POSTROUTING -o eth0 -j IMQ --todev 0 (to imq0)
iptables -t mangle -A POSTROUTING -o eth1 -j IMQ --todev 1 (to imq1)
traffic traverse to imq devices and furthure hit to the network devices
(sorry for my pure English)
22.05.2002 7:29:05, hanhbnetfilter <hanhbnetfilter@yahoo.com.cn> wrote:
>thanks for your help
>I look at IMQ howto,if there is only two IMQ
>devices(imq0 imq1),I have three NIC on my computer, I
>want to
>control all three NIC incoming rate,how can i do?
>Do IMQ support VPN?
>
>
>
>
>
>
>
>
>
> --- Alexey Talikov <alexey_talikov@texlab.com.uz>
>的正文:> You can't shared bandwidth in ingress and
>you can't
>> add classes (ingress classless)
>> tc qdisc add dev eth0 handle ffff:fff1 ingress
>> tc filter add dev eth0 parent ffff:fff1 protocol ip
>> prio 49 u32 match ip dport 22 0xffff \
>> police rate 1mbps burst 100k drop flowid :1
>> tc filter add dev eth0 parent ffff:fff1 protocol ip
>> prio 50 u32 match ip src 0.0.0.0/0 \
>> police rate 2mbps burst 100k drop flowid :1
>> it's allocate 1 mbps for ssh and 2 mbps for other
>> even you upload at the same time
>> (hardware speed more then 3 mbps) i.e. prio don't
>> help you :((
>> But you may use imq see:
>> http://luxik.cdi.cz/~patrick/imq/ patch kernel
>> iptables and redirect
>> with iptables (in mangle table) packets to imq0 and
>> furthure use tbf htb and other\
>>
>> Some notes:
>> Instances by queuing disciplines are identified by
>> 32 bit numbers, which are split into
>> major and minor number (16 bit each)Major number
>> assigned by the user should be in range
>> 1...0x7fff, 0x8000...0xffff automatically allocated
>> by the kernel for qdisc with unspecified
>> major number. Major number ffff:fff0 to ffff:ffff
>> are reserved or have special meaning ffff:fff1
>> for ingress ffff:ffff selects top-level egress
>> queuing discipline of an interface (special values
>> are defined in include/linux/pkt_sched.h and have
>> names begining with TC_H_)
>> For detail see: Linux Network Traffic Control -
>> Implementation Overview
>> Werner Almesberger Feb 4 2001
>>
>> 21.05.2002 6:31:25, hanhbnetfilter
>> <hanhbnetfilter@yahoo.com.cn> wrote:
>>
>> >ingress can be used to control the incoming packet,
>> >such as:
>> >tc qdisc add dev eth0 handle ffff: ingress
>> >tc filter add dev eth0 parent ffff: protocol ip
>> prio 5
>> >u32 match ip src 172.16.1.11 police rate 10kbit
>> burst
>> >10k drop flowid :1
>> >tc filter add dev eth0 parent ffff: protocol ip
>> prio 5
>> >
>> >u32 match ip src 172.16.1.22 police rate 10kbit
>> burst
>> >10k drop flowid :2
>> >first ,I do not sure these method can use
>> class(could
>> >it do? I tested it can not do). if it can do it
>> >,please give me a example.
>> >second, rate can not be shared, if i want to
>> control
>> >the incoming packet rate not throug egress qdisc,
>> and
>> >the rate can be shared, please tell me how can i
>> do.
>> >
>> >
>> >
>> >
>> >
>> >
>>
>>_________________________________________________________
>> >Do You Yahoo!?
>> >摊开你的掌心 让我看看你
>> >http://sweepstakes.yahoo.com/2002cnuser
>> >_______________________________________________
>> >LARTC mailing list / LARTC@mailman.ds9a.nl
>> >http://mailman.ds9a.nl/mailman/listinfo/lartc
>> HOWTO: http://lartc.org/
>> >
>>
>> -----------------------------------
>> mailto:alexey_talikov@texlab.com.uz
>> BR
>> Alexey Talikov
>> FORTEK
>> -----------------------------------
>>
>>
>
>
>_________________________________________________________
>Do You Yahoo!?
>摊开你的掌心 让我看看你
>http://sweepstakes.yahoo.com/2002cnuser
>
-----------------------------------
mailto:alexey_talikov@texlab.com.uz
BR
Alexey Talikov
FORTEK
-----------------------------------
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
prev parent reply other threads:[~2002-05-22 6:15 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-05-21 1:31 [LARTC] ingress and egress hanhbnetfilter
2002-05-21 5:27 ` Stef Coene
2002-05-21 5:44 ` Alexey Talikov
2002-05-22 2:29 ` hanhbnetfilter
2002-05-22 3:22 ` Patrick McHardy
2002-05-22 6:15 ` Alexey Talikov [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-102204819324048@msgid-missing \
--to=alexey_talikov@texlab.com.uz \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.