* [LARTC] bandwidth limiting when src and dst are on the same interface
@ 2001-02-05 12:58 Borut
0 siblings, 0 replies; only message in thread
From: Borut @ 2001-02-05 12:58 UTC (permalink / raw)
To: lartc
<PRE>Hello!
I have a problem here.
I set up a Linux 2.4 machine to do bandwidth limiting for some of our
customers.
Current setup is something like this:
|<i>--------| backbone |-------| |---------|
</I>|<i>Internet|225.1-----------225.10|limiter|228.1----228.10|cust. gw2|
</I>|<i>--------| | eth0 |-------| eth1 |---------|
</I> |
225.20
|---------|
|cust. gw.|
|---------|
225.1 is IP of the border router.
225.10 is "outside" IP of the limiter
225.20 is IP of the customer gw (don't ask...I didn't do this)
228.1 is "inside" IP of the limiter
228.10 is customer2 gw
Now, I have no problems limiting traffic from/to customer2. I do it like
this:
tc qdisc add dev eth0 root handle 10: cbq bandwidth 100Mbit avpkt 1000
tc class add dev eth0 parent 10:0 classid 10:1 cbq bandwidth 100Mbit \
rate 128kbit allot 1514 weight 100kbit prio 5 maxburst 1 avpkt 1000 bounded
tc qdisc add dev eth0 parent 10:1 sfq quantum 1514b perturb 15
tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match \
ip src xxx.xxx.228.10 flowid 10:1
tc qdisc add dev eth1 root handle 20: cbq bandwidth 100Mbit avpkt 1000
tc class add dev eth1 parent 20:0 classid 20:1 cbq bandwidth 100Mbit \
rate 128kbit allot 1514 weight 100kbit prio 5 maxburst 1 avpkt 1000 bounded
tc qdisc add dev eth1 parent 20:1 sfq quantum 1514b perturb 15
tc filter add dev eth1 parent 20:0 protocol ip prio 100 u32 match \
ip dst xxx.xxx.228.10
Now, the 228.10 (customer2) is limited to 128k up/128k down. All nice.
I want to limit the customer on 225.20. It should not be a problem,
adjusting routing (225.1<->225.10<->225.20 instead of 225.1<->225.20),
then adding this:
tc class add dev eth0 parent 10:0 classid 10:10 cbq bandwidth 100Mbit \
rate 512kbit allot 1514 weight 100kbit prio 5 maxburst 1 avpkt 1000 bounded
tc qdisc add dev eth0 parent 10:10 sfq quantum 1514b perturb 15
tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip \
src xxx.xxx.225.20 flowid 10:10
tc class add dev eth0 parent 10:0 classid 10:11 cbq bandwidth 100Mbit \
rate 512kbit allot 1514 weight 100kbit prio 5 maxburst 1 avpkt 1000 bounded
tc qdisc add dev eth0 parent 10:11 sfq quantum 1514b perturb 15
tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip \
dst xxx.xxx.225.20 flowid 10:11
Now, this doesn't work. The customer is NOT limited to 512k. Tested.
Downloading from ftp (not on our network) was as fast as 143KB (which is
waaaaay more than 512kbit, even more than double that).
Now, is it impossible to do limiting that way? I don't know.
Another possibility is the limiter sending ICMP redirects, I haven't
tried disabling them yet. 225.1 is linux 2.2, 225.10 is linux 2.4
and 225.20 is some 3com ADSL stuff. Is that the problem?
And BTW, these things are mostly from the howto...I don't even know
what most of the options mean. I might have screwed up something.
Thanks for answers,
--
Borut
<A HREF="mailto:borut.mrak@ijs.si">borut.mrak@ijs.si</A>
-----------------
Diplomat: A man who always remembers a woman's birthday but
never remembers her age.
</PRE>
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2001-02-05 12:58 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2001-02-05 12:58 [LARTC] bandwidth limiting when src and dst are on the same interface Borut
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.