Hi Michael, > The explanation of ‘Applies to all outbound traffic to/from the Hosts’ was a > little confusing!
Agreed. That could be written better. Indeed, most all the traffic shaping is for the Uplink case, and normally I recommend the "Downlink Speed:" be set to [ Disabled ] . With that in mind here is the code snippet for handling the "Downlink Speed:" Ref: http://sourceforge.net/p/astlinux/code/HEAD/tree/branches/1.0/package/arnofw/traffic-shaper/60traffic-shaper.plugin.sh -- incoming_traffic_limit() { # Skip if DOWNLINK is 0 if [ $DOWNLINK -eq 0 ]; then return fi # Try to control the incoming traffic as well. # Set up ingress qdisc tc qdisc add dev $1 handle ffff: ingress # filter *everything* to it (0.0.0.0/0), drop everything that's # coming in too fast: tc filter add dev $1 parent ffff: protocol ip prio 100 estimator 500ms 2sec \ u32 match ip src 0.0.0.0/0 police avrate ${DOWNLINK}kbit drop flowid :1 if [ "$IPV6_SUPPORT" = "1" ]; then tc filter add dev $1 parent ffff: protocol ipv6 prio 101 estimator 500ms 2sec \ u32 match ip6 src ::/0 police avrate ${DOWNLINK}kbit drop flowid :1 fi } -- Thats it, so that is where any logic to change from "drop everything that's coming in too fast" to "drop forwarded packets that's coming in too fast" would be placed. If anyone has references to do such a thing (code reference), please share, and start a new thread on the astlinux-devel list. So the SHAPER_P2P_HOSTS does set the priority of the packet, which can indirectly do some rate limiting by effecting the TCP handshake by delaying packets, but does not do active rate limiting by dropping packets. BTW, I seem to recall that SHAPER_P2P_HOSTS shapes for both directions because it is forwarded traffic, but clearly the Linux "tc" command is very complicated. Lonnie On Jan 22, 2016, at 7:40 PM, Michael Knill <michael.kn...@ipcsolutions.com.au> wrote: > Thanks Lonnie and others. > > Interesting that its both ways. The explanation of ‘Applies to all outbound > traffic to/from the Hosts’ was a little confusing! > > When I activated the inbound shaper, it shaped all traffic INCLUDING my media > which obviously caused more packet loss. > So if I was to use SHAPER_P2P_HOSTS then I would set the downlink shaper to > the actual downlink speed and then drop the priority of the Host(s) within > the envelope? > Also the ‘arno-iptables-firewall status-plugins traffic-shaper’ command is > only for the upstream shaper. Any way I can monitor the downstream? > > Regards > Michael Knill > > > On 23 Jan 2016, at 9:01 AM, Lonnie Abelbeck <li...@lonnie.abelbeck.com> wrote: > > Throttling inbound traffic is often not much practical use since that > commonly involves just dropping packets, packets that *could* have been > handled. Special cases like guest WiFi access points, dropping packets is > probably fine, which can be commonly done in the external AP itself. > > As far as AstLinux where the shaping is done on the external interface, > inbound shaping normally does not make sense. > > The SHAPER_P2P_HOSTS does "shape" traffic both inbound and outbound, but in a > more subtile way based on priority. > > Lonnie > > > On Jan 22, 2016, at 3:19 PM, David Kerr <da...@kerr.net> wrote: > >> Lonnie, >> I think Michael is asking about limiting inbound traffic, not outbound. The >> SHAPER_P2P_HOSTS setting I think only applies to outbound traffic... because >> as you state we implemented it for the case where you have a NAS server on >> local network uploading to a cloud-based backup and we wanted that to have >> lowest priority. >> >> David >> >> On Fri, Jan 22, 2016 at 10:48 AM, Lonnie Abelbeck >> <li...@lonnie.abelbeck.com> wrote: >> Hi Michael, >> >> I think what you are asking is: "I want to shape all traffic on the external >> interface such that all forwarded traffic has lower priority than any >> internal traffic." >> >> In general, you are better off shaping the traffic "type" rather than >> traffic "source/destination", which is how our Traffic Shaper plugin works >> by default. >> >> But, there is a user configurable option SHAPER_P2P_HOSTS (disabled by >> default) in the configuration: >> Network tab -> Firewall Plugins: [ traffic-shaper ] >> >> If you define... >> -- >> SHAPER_P2P_HOSTS="192.168.101.0/24" >> -- >> then all traffic to and from that subnet will have the lowest priority, >> regardless of the traffic "type". >> >> Multiple subnets (or hosts) can be defined by space separating entries. >> >> Normally the SHAPER_P2P_HOSTS is used for a network backup server to the >> cloud or such and a single Ip address, but defining a full network(s) also >> works. >> >> I'm glad you asked this, this could be generally useful. >> >> Lonnie >> >> BTW, Michael Keuter and I recently noticed that traffic shaping on "server" >> NIC's (ex. Intel "igb" driver) was not working as well as expected, long >> story short, seems NIC packet "offloading" can interfere with traffic >> shaping. As such, we now automatically disable TSO, GSO and GRO on the >> shaped interface when shaping is enabled. This change is in the SVN and >> will appear with AstLinux 1.2.5 . >> >> >> >> On Jan 22, 2016, at 12:17 AM, Michael Knill >> <michael.kn...@ipcsolutions.com.au> wrote: >> >>> Yes more Traffic Shaping questions sorry. >>> >>> Is there any way that I can shape certain traffic types only for Downstream? >>> >>> Basically I want to be able to shape all other traffic incoming EXCEPT with >>> a destination of the Asterisk server EXT interface. >>> Is this possible? >>> >>> Regards >>> Michael Knill ------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
