On Mon, Aug 20, 2012 at 05:06:43PM +0100, [email protected] wrote:
> I have apply first to eth0 after to eth1 and also in eth0 and eth1. I
> test with iper, with NetStress and also with an ftp file transference.
> But this is not limiting the rate, why?
Did you read the documentation?
Ingress Policing:
These settings control ingress policing for packets received on this
interface. On a physical interface, this limits the rate at which
traffic is allowed into the system from the outside; on a virtual
interface (one connected to a virtual machine), this limits the rate at
which the VM is able to transmit.
Policing is a simple form of quality-of-service that simply drops pack‐
ets received in excess of the configured rate. Due to its simplicity,
policing is usually less accurate and less effective than egress QoS
(which is configured using the QoS and Queue tables).
Policing is currently implemented only on Linux. The Linux implementa‐
tion uses a simple ``token bucket’’ approach:
· The size of the bucket corresponds to ingress_polic‐
ing_burst. Initially the bucket is full.
· Whenever a packet is received, its size (converted to
tokens) is compared to the number of tokens currently in
the bucket. If the required number of tokens are avail‐
able, they are removed and the packet is forwarded. Oth‐
erwise, the packet is dropped.
· Whenever it is not full, the bucket is refilled with
tokens at the rate specified by ingress_policing_rate.
Policing interacts badly with some network protocols, and especially
with fragmented IP packets. Suppose that there is enough network
activity to keep the bucket nearly empty all the time. Then this token
bucket algorithm will forward a single packet every so often, with the
period depending on packet size and on the configured rate. All of the
fragments of an IP packets are normally transmitted back-to-back, as a
group. In such a situation, therefore, only one of these fragments
will be forwarded and the rest will be dropped. IP does not provide
any way for the intended recipient to ask for only the remaining frag‐
ments. In such a case there are two likely possibilities for what will
happen next: either all of the fragments will eventually be retransmit‐
ted (as TCP will do), in which case the same problem will recur, or the
sender will not realize that its packet has been dropped and data will
simply be lost (as some UDP-based protocols will do). Either way, it
is possible that no forward progress will ever occur.
ingress_policing_rate: integer, at least 0
Maximum rate for data received on this interface, in kbps. Data
received faster than this rate is dropped. Set to 0 (the
default) to disable policing.
ingress_policing_burst: integer, at least 0
Maximum burst size for data received on this interface, in kb.
The default burst size if set to 0 is 1000 kb. This value has
no effect if ingress_policing_rate is 0.
Specifying a larger burst size lets the algorithm be more for‐
giving, which is important for protocols like TCP that react se‐
verely to dropped packets. The burst size should be at least
the size of the interface’s MTU. Specifying a value that is
numerically at least as large as 10% of ingress_policing_rate
helps TCP come closer to achieving the full rate.
> Can someone tell me where rate-limit is done at source code level?
It's a feature of the Linux kernel. Open vSwitch just configures the
feature.
_______________________________________________
dev mailing list
[email protected]
http://openvswitch.org/mailman/listinfo/dev
