Re: [LARTC] Marking returned MASQ'ed packets (ingress, TC, etc.)

["Wingtung.Leung" <s965817@uia.ua.ac.be>]

On Tue, 12 Jun 2001, Barton Hodges wrote:

(Your ASCII drawing was rather screwed up, maybe too wide?)

> I can limit the downstream with this:
>
> tc qdisc add dev eth0 handle ffff:0 ingress
>
> tc filter add dev eth0 parent ffff:0 protocol ip prio 5 handle 1 fw \
>    police rate 128kbit burst 128kbit mtu 1500 drop
>
>
> What I think I need is a separate filter for eth1 and eth2 that looks
> for different marks (handles?)  Therefore, I need to mark packets
> coming through eth0 to eth1 with a 0x1 and from eth0 to eth2 with a 0x2
> and filter accordingly (I think).

I'm not sure I understand what you want, but I assume you want to limit
the downstream from internet to the two internal masqu'ed subnets. With
two extra conditions:
 1 - internal traffic has priority (from subnet to subnet)
 2 - internet downstream is equally divided between the subnets

First of all, I don't know how condition 2 can be met. I hope someone else
can correct me.

For the rest, I propose the following setup:

1 - create for each internal interface a low and a high priority class
    with low rates (unbounded)
2 - don't mark incoming packets from the external interface, but use the
    u32 filter and match with the source address
3 - if the packet comes from a internal subnet, redirect it to the hi-prio
    class, otherwise send it to the low-prio class

This might not be ideal, just an idea.



-- 
GnuPG public key: http://win-www.uia.ac.be/u/s965817/pub.key
fingerprint = A3C4 DE50 712D 4FA8 C564  4D96 5E06 C9CC ECFA 19C5
Please edit the quoted text.


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/