Discussion:
ingress and egress
hanhbnetfilter
2002-05-21 01:31:25 UTC
Permalink
Ingress can be used to control incoming packets,
such as:
tc qdisc add dev eth0 handle ffff: ingress
tc filter add dev eth0 parent ffff: protocol ip prio 5 \
    u32 match ip src 172.16.1.11 police rate 10kbit burst 10k drop flowid :1
tc filter add dev eth0 parent ffff: protocol ip prio 5 \
    u32 match ip src 172.16.1.22 police rate 10kbit burst 10k drop flowid :2
First, I am not sure whether this method can use classes (can it? I tested it and it cannot). If it can,
please give me an example.
Second, the rate cannot be shared. If I want to control
the incoming packet rate without going through an egress qdisc, and
have the rate shared, please tell me how I can do that.
Stef Coene
2002-05-21 05:27:34 UTC
Permalink
Post by hanhbnetfilter
Ingress can be used to control incoming packets,
tc qdisc add dev eth0 handle ffff: ingress
tc filter add dev eth0 parent ffff: protocol ip prio 5 \
    u32 match ip src 172.16.1.11 police rate 10kbit burst 10k drop flowid :1
tc filter add dev eth0 parent ffff: protocol ip prio 5 \
    u32 match ip src 172.16.1.22 police rate 10kbit burst 10k drop flowid :2
First, I am not sure whether this method can use classes (can it? I tested it and it cannot). If it can,
please give me an example.
Ingress qdisc is classless.
Post by hanhbnetfilter
Second, the rate cannot be shared. If I want to control
the incoming packet rate without going through an egress qdisc, and
have the rate shared, please tell me how I can do that.
You can use the imq device. You can redirect packets (incoming and
outgoing) to this device. And you can attach CBQ or HTB to this device. A
link can be found on www.docum.org under faq.

Stef
--
***@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.openprojects.net
Alexey Talikov
2002-05-21 05:44:06 UTC
Permalink
You can't share bandwidth in ingress and you can't add classes (ingress is classless)
tc qdisc add dev eth0 handle ffff:fff1 ingress
tc filter add dev eth0 parent ffff:fff1 protocol ip prio 49 u32 match ip dport 22 0xffff \
police rate 1mbps burst 100k drop flowid :1
tc filter add dev eth0 parent ffff:fff1 protocol ip prio 50 u32 match ip src 0.0.0.0/0 \
police rate 2mbps burst 100k drop flowid :1
This allocates 1 mbps for ssh and 2 mbps for other traffic even if you upload at the same time
(hardware speed is more than 3 mbps), i.e. prio doesn't help you :((
But you may use imq, see: http://luxik.cdi.cz/~patrick/imq/ Patch the kernel and iptables, and redirect
packets to imq0 with iptables (in the mangle table), then use tbf, htb and others.

Some notes:
Instances of queuing disciplines are identified by 32-bit numbers, which are split into
a major and a minor number (16 bits each). Major numbers assigned by the user should be in the range
1...0x7fff; 0x8000...0xffff are automatically allocated by the kernel for qdiscs with an unspecified
major number. Major numbers ffff:fff0 to ffff:ffff are reserved or have special meaning: ffff:fff1
is for ingress, ffff:ffff selects the top-level egress queuing discipline of an interface (special values
are defined in include/linux/pkt_sched.h and have names beginning with TC_H_).
For details see: Linux Network Traffic Control - Implementation Overview,
Werner Almesberger, Feb 4 2001
_______________________________________________
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
-----------------------------------
mailto:***@texlab.com.uz
BR
Alexey Talikov
FORTEK
-----------------------------------
hanhbnetfilter
2002-05-22 02:29:05 UTC
Permalink
Thanks for your help.
I looked at the IMQ howto. If there are only two IMQ
devices (imq0, imq1) and I have three NICs on my computer, and I
want to control the incoming rate on all three NICs, what can I do?
Does IMQ support VPN?
Patrick McHardy
2002-05-22 03:22:44 UTC
Permalink
Hi.
Post by hanhbnetfilter
Thanks for your help.
I looked at the IMQ howto. If there are only two IMQ
devices (imq0, imq1) and I have three NICs on my computer, and I
want to control the incoming rate on all three NICs, what can I do?
Does IMQ support VPN?
The number of devices can be specified as module option (numdevs).
IMQ works with any ip/ip6 protocol, so if by VPN you mean ipsec there
should be no problem. A user reported a problem a short time ago with
gre tunnels when the real data and the encapsulated data went to the
same imq device, but I have no reports (positive or negative) for other
kinds of tunnels. If you choose to try for yourself please let me know
if it worked.

Bye,
Patrick
Alexey Talikov
2002-05-22 06:15:15 UTC
Permalink
You may route traffic from all devices to one imq and then
control it with tc filters, with or without marks, i.e. you may
control traffic on two or more network devices (such as ethX) simultaneously,
i.e. traffic traversing eth0 and eth1 can't be more than 100kbps, for example.

You may create more than two devices:
modprobe imq numdevs=3    # numdevs=1...16
ip link set imq0 up
ip link set imq1 up
ip link set imq2 up

iptables -t mangle -A PREROUTING -i eth0 -j IMQ --todev 0    # to imq0
iptables -t mangle -A PREROUTING -i eth1 -j IMQ --todev 1    # to imq1
etc.

Also possible:
iptables -t mangle -A POSTROUTING -o eth0 -j IMQ --todev 0    # to imq0
iptables -t mangle -A POSTROUTING -o eth1 -j IMQ --todev 1    # to imq1
Traffic traverses the imq devices and then goes on to the network devices.

(sorry for my poor English)
-----------------------------------
mailto:***@texlab.com.uz
BR
Alexey Talikov
FORTEK
-----------------------------------
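
The shared-rate setup the replies point to (redirect ingress traffic to imq0, then attach HTB classes that can borrow from each other), as an added example that is not from any poster in this thread or from the IMQ project. It assumes a kernel and iptables carrying the IMQ patch; the function name imq_htb_plan, the 20kbit total and the even split between hosts are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print the IMQ + HTB commands that give each source host a
# guaranteed share of one ingress budget and let it borrow the unused rest.
# Assumption: IMQ-patched kernel/iptables; the total is split evenly.

# imq_htb_plan NIC TOTAL_KBIT HOST...
# Prints the command list on stdout; nothing is executed here.
imq_htb_plan() {
    nic=$1 total=$2
    shift 2
    [ "$#" -gt 0 ] || { echo "need at least one host" >&2; return 1; }
    share=$((total / $#))
    [ "$share" -gt 0 ] || { echo "total too small for $# hosts" >&2; return 1; }

    echo "modprobe imq numdevs=1"
    echo "ip link set imq0 up"
    # Hand everything arriving on the NIC to imq0 before routing.
    echo "iptables -t mangle -A PREROUTING -i $nic -j IMQ --todev 0"
    # No default class: traffic from other sources passes imq0 unshaped.
    echo "tc qdisc add dev imq0 root handle 1: htb"
    # Parent class holds the whole budget that the children share.
    echo "tc class add dev imq0 parent 1: classid 1:1 htb rate ${total}kbit"
    minor=10
    for host in "$@"; do
        # rate = guaranteed share, ceil = limit when borrowing from siblings.
        echo "tc class add dev imq0 parent 1:1 classid 1:$minor htb rate ${share}kbit ceil ${total}kbit"
        echo "tc filter add dev imq0 parent 1: protocol ip prio 5 u32 match ip src $host flowid 1:$minor"
        minor=$((minor + 1))
    done
}

# The two hosts from the original question, sharing 20kbit instead of
# being policed at a fixed 10kbit each.
imq_htb_plan eth0 20 172.16.1.11 172.16.1.22
```

Review the printed plan, then pipe it into `sh -e` as root on a host with IMQ support to apply it.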
