Karl O. Pinc wrote: > There are may proofs that throttling TCP works, starting > with the original paper (Van Jacoson) in 1988 through > to the many products today that _do_ manage to reserve enough > inbound bandwidth that, e.g., VOIP works reliably. I once > promised on this list to setup a test environment and > re-prove it but have never gotten around to it and it > hardly seems worth bothering.
We have an observatory that sits on the other side of four bonded T1 links, and for political reasons, use pf to shape the traffic *only* on the observatory end of the link. We shape both inbound and outbound traffic; while the outbound traffic is shaped much, much more effectively, the shaping we perform on the inbound traffic is an improvement over no shaping at all. It is only effective for our situation if we deliberately sacrifice a fraction of our inbound bandwidth. In our case, the maximum bandwidth of the bonded T1 link is 6 megabits/second. Our pf configuration uses a maximum bandwidth of 5.5 megabits/second (limit determined empirically), and random early detection to drop packets. The other key factor is that the inbound streams we care about tend to use much lower bandwidth than whatever it is that's clogging up our inbound pipe. If all we cared about was raw throughput, the loss of 10% of our total bandwidth may be more of a problem than ungraceful network congestion. --Kyle
