On Wed, Dec 17, 2008 at 10:28:31AM +1100, Mark Chong wrote:
>
> hashlimit implements a packet based token bucket filter, whereas for
> traffic shaping you want something bit based.
...
> however with tc you setup classes for how you want bandwidth to be split up

yep, agreed - tc is the tool for Traffic Control, and the way to make it collaborate with NF seems suggested eg here http://lartc.org/howto/lartc.netfilter.html

However, pps limit could be fine as well, depending on your needs: if pps is high enough, apps using small packets (telnet, ssh, whatever) won't suffer bw limits; and yes the length module should allow for finer tuning - I'd rather use no more than 3 classes, though - which doesn't sound too horrible to me.

Newer kernels (apparently since 2.6.19) offer connbytes, which seems to allow for same bps control - I don't know how to use it, though.

Anyway, better not mix rate control algos/modules - ie if you use tc don't use NF's rate control/limits too, as feedback mechanisms may badly interact, and also play badly with TCP's own.

-- paolo
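The packet-based versus bit-based distinction discussed in this message, as an added example that is not part of the original thread: a generic token bucket (a model, not hashlimit's or tc's actual code) run once charging one token per packet and once charging one token per byte. The flows, rates and burst sizes are constructed for illustration.

```python
US = 1_000_000  # microseconds per second; also the fixed-point scale for tokens

def token_bucket(packets, rate, burst, cost):
    """Generic token bucket. packets: (time_us, size_bytes) sorted by time.
    rate: tokens per second, burst: bucket depth in tokens,
    cost(size): tokens one packet consumes. Returns sizes of accepted packets."""
    tokens, last = burst * US, 0
    accepted = []
    for t_us, size in packets:
        # Refill for the elapsed time, never above the bucket depth.
        tokens = min(burst * US, tokens + (t_us - last) * rate)
        last = t_us
        need = cost(size) * US
        if tokens >= need:
            tokens -= need
            accepted.append(size)
    return accepted

def flow(size, pps, seconds):
    """Constructed traffic: fixed-size packets at a constant packet rate."""
    return [(i * US // pps, size) for i in range(pps * seconds)]

def bits_per_second(accepted, seconds):
    return sum(accepted) * 8 // seconds

SECONDS = 10
SMALL = flow(64, 1000, SECONDS)    # constructed interactive-style flow
BULK = flow(1500, 1000, SECONDS)   # constructed bulk-transfer flow

def per_packet(packets):
    # Packet-based limit: 100 packets/s, burst 5, every packet costs 1 token.
    return token_bucket(packets, rate=100, burst=5, cost=lambda size: 1)

def per_byte(packets):
    # Byte-based limit: 125000 bytes/s (1 Mbit/s), burst 15000 bytes.
    return token_bucket(packets, rate=125_000, burst=15_000, cost=lambda size: size)

if __name__ == "__main__":
    for name, pkts in (("small", SMALL), ("bulk", BULK)):
        for label, limiter in (("per-packet", per_packet), ("per-byte", per_byte)):
            ok = limiter(pkts)
            print(f"{name:5} {label:10} accepted={len(ok):5} "
                  f"bps={bits_per_second(ok, SECONDS)}")
```

The per-packet bucket admits the same number of packets from both flows, so the bulk flow gets over twenty times the bandwidth of the small-packet flow; the per-byte bucket holds the bulk flow near 1 Mbit/s and leaves the small-packet flow untouched.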

