On 04/11/2012 08:02:41 AM, Andy Lemin wrote:
> Hello,
> I know this has been discussed before,

You will want to see this thread:
Working example of bi-directional asymmetric ALTQ + NAT ruleset?
http://marc.info/?t=129472965800001&r=1&w=2

It talks about being able to have a single queue on more than one interface, so you'd use a single outbound queue on all your internal interfaces to effectively rate-limit your inbound wan traffic.

You'll want to use the hfsc scheduler because you're trading bandwidth for latency. And hfsc has sub-queues too so that might help allocate the traffic per internal interface.

I haven't thought about this in quite some time but I think that this approach will work. But because I've not thought about it I could be all wrong. :-)

It's not a perfect solution; it won't work in the general case where you've more than one interface you want to limit inbound traffic on.

If sharing a queue on your internal interfaces does not do it you could get ugly and use an extra 2 real interfaces (instead of the loopback interface as you suggest) and a separate routing table and physically loop the traffic back. This is less ugly than having another box.

I suspect the loopback interface approach won't work, but that's a total guess. If it does work I'm not sure I'd want to count on such a kludge continuing to work long-term.

I'm very interested in what works and what doesn't so it would be good to hear back from you.

> We have to use inbound queuing, without it our WAN link saturates with
> low priority traffic, and we need to maintain headroom for high
> priority VoIP traffic etc.

Don't forget the "empty" ack packets.

> If we had to bounty this, how much? I might be able to get £100 for a
> bounty?

I heard the number $20,000 (US) thrown around. I have no idea if that's a realistic number.

Karl <k...@meme.com>
Free Software: "You don't pay back, you pay forward."
               -- Robert A. Heinlein