On 12/01/2005 05:17:07 PM, Terje Elde wrote:
> Really tired, so this is just a quick shot at explaining one possible
> setup:
>
> 1. Set the speed of all interfaces to their actual physical speeds.
>    Exception: If your WAN link is behind another router, set it to
>    90% or so of the speed that router has, to avoid filling its queue,
>    which would cause your queuing to lose effect.
> 2. Create a queue on the LAN and DMZ interfaces, limited to the
>    speed of the WAN interface. We'll call these queues lan_wan and
>    dmz_wan.
> 3. Create another queue of the rest of the bandwidth, and let it
>    borrow bandwidth from the WAN queue. We'll call these lan_lan and
>    dmz_dmz.
> 4. When the rest of the rules are written, classify any traffic going
>    from WAN to LAN into the lan_wan queue, any traffic going from WAN to
>    DMZ into the dmz_wan queue, any traffic from DMZ to LAN into the
>    lan_lan queue, etc.

I thought the queues were tied to the interfaces, so that, for
instance, a queue on the LAN interface could not borrow bandwidth
from a queue on the DMZ interface. So then you either need to
partition your WAN bandwidth between the LAN and the DMZ, radically
reducing the total bandwidth available to either (as far as
the net is concerned), or you run the risk of losing all your
queueing when you fill the WAN link because datagrams will get
dropped on the far side of the WAN link.

Karl <[EMAIL PROTECTED]>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein