[Gllug] traffic shapping

Alistair Mann alistair at lgeezer.net
Fri May 23 11:13:47 UTC 2003 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thus spaketh Jonathan Dye on Friday 23 May 2003 10:30 am:
> Alistair Mann wrote:
> > Thus spaketh Jonathan Dye on Wednesday 21 May 2003 1:11 pm:
> >> I'm trying to set up some traffic shaping on my dial up connection
> >> to limit the speed of incoming packets
> >
> > Stop right there. There is no traffic-shaping solution anywhere that
> > can help you to shape /incoming/ traffic. By definition, traffic
> > cannot be shaped until it has already arrived, by which time, your
> > dialup line has already been swamped.
> >
> > You can shape through-traffic at a firewall; you can shape how fast
> > outbound traffic, but you can't shape incoming traffic. So, for
> > instance, you can limit outbound traffic from your webserver to
> > 2.5kb/s; you can limit your colleague's kazaa client to 5% of total
> > bandwidth; but you can't stop being 'slashdotted' and 'farked'
> > because 5,000 people are all trying to connect to your machine at the
> > same time.
> >
> > So, if shaping incoming is what you are really trying to do, I hope
> > that clears up why your script couldn't ever work.
>
> OK, I'm trying to use the ingress filter to limit the rate at which packets
> enter the routing system on my firewall box.  I am hoping that in turn this
> will limit the rate at which traffic arrives at my external interface due
> to the corresponding slowdown in the ACKs returned to the sending machines.

Fair enough. No idea if it works that way, but still:

When I've done this, I've used cbq.init[1] on top of tc, as cbq.init will read 
in a configurations such as:
DEVICE=eth0,10mbit,1mbit
RATE=20kbit
WEIGHT=2kbit
PRIO=5
RULE=192.168.0.200

And then construct the appropiate tc rules to effect them. (The above limits 
inbound traffic to through the routing system for traffic TO 192.168.0.200 on 
device eth0 to 20kbit/s.)

CBQ is at http://freshmeat.net/projects/cbqinit

You can then, obviously, look at the tc rules to see whats happened.
- -- 
Alistair Mann
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE+zgJrEz+/jt85AfsRAv6oAJ9AokZ3Iznfa8SIpjZMRemMnO6tbACgk/gr
yrSac7RKwyJH78fFoDAmPy0=
=+mlX
-----END PGP SIGNATURE-----



-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug

More information about the GLLUG mailing list