-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Sunday 25 April 2004 09:06, Andy Furniss wrote:
Jason Boxman wrote:
Egress is easy. Ingress seems to be a topic that is discussed often on LARTC, and I believe your options are to either use an ingress policer or the IMQ target. The former you can do directly with tcng, the latter I believe you cannot.
I know nothing about TCNG so can't help there.
You can shape ingress without using IMQ as long as you have just one LAN interface and don't care about traffic headed for the shaping PC. You just shape on the LAN interface.
But *how* does such a setup now looks like, either in tcng or in gc syntax?
This is what I actually do: - -------------------------------------------------- #! /bin/sh
DEV=ppp0 UP=256 DOWN=768 CLIENTS="192.168.2.1 192.168.2.2 192.168.2.3 192.168.2.5 192.168.2.6 192.168.2.7 192.168.2.8" TC=$(which tc)
# reset $TC qdisc del dev ${DEV} root &>/dev/null $TC qdisc del dev ${DEV} ingress &>/dev/null
# attach HTB queue discipline to device $DEV $TC qdisc add dev $DEV root handle 1: htb default 12
# create client classes for shaping DOWN-stream crate=$[DOWN / NumClients] i=0 for host in $CLIENTS; do $TC class add dev $DEV parent 1:1 classid 1:1$i htb rate ${crate}kbit ceil ${DOWN}kbit $TC filter add dev $DEV protocol ip parent 1:0 prio 1 u32 match ip src $host flowid 1:1$i i=$[i + 1] done
# TODO shaping UP stream - --------------------------------------------------
This is my script. And I do not really now, *where* to differ here to once shape down-stream, and once to shape the up-stream
I'd be really really very happy, if someone would point me in this *wrong* script to the right direction.
You have to set you rates lower than your real rates - for ingress about 80% so you actually get queues growing that you can control. For egress about 85% with dsl as there are extra overheads and TC counts IP size.
You should be shaping on eth0 if that's your LAN facing interface - you shape egress from the shaping box to the LAN to do ingress (on simple setups). The src IP match needs to change to dst.
As it is the script may have too big queues - but should work as a test, you may also endup wanting to split interactive traffic from bulk to make things nicer for users - but that sort of thing is policy to be thought about/agreed by users.
Andy.
Many thanks, Christian Parpart. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFAi/jRPpa2GmDVhK0RAiyiAJ9t1LngvstQqwqGkTC367USYfcQtQCeNHUV nc9176QOuUWp1XqeCSrbj8g= =Po1b -----END PGP SIGNATURE----- _______________________________________________ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
_______________________________________________ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
