Hello Tom,
I wrote to you before about the strange behaviour of traffic shaping
when I use 10mbit and 100mbit limits. Now I have made a more accurate test
and found something interesting.
I have one interface (for test).
params:
    DMZ_IF=eth1
interfaces:
    dmz $DMZ_IF detect detectnets,logmartians
routestopped:
    $DMZ_IF -
rules:
    SSH/ACCEPT $FW dmz
policy:
    $FW dmz REJECT info
    $FW all REJECT info
    dmz $FW REJECT info
    dmz all REJECT info
    all all REJECT info
zones:
    fw firewall
    dmz ipv4
I try to get a file by sftp from DMZ to FW:
sftp> get /home/file.xyz
Fetching /home/file.xyz to file.xyz <...> 28% 28MB 27.5MB/s 00:02 ETA
Now I add only one string to 'tcdevices':
$DMZ_IF 500mbit 500mbit
And try to get the file again:
sftp> get /home/file.xyz
Fetching /home/file.xyz to file.xyz <...> 1% 1120KB 64.0KB/s 25:45 ETA
Catastrophic speed decrease.
This is output of 'shorewall show tc':
Shorewall 4.0.3 Traffic Control at gate.btis.by - Fri Sep 7 20:10:10 EEST 2007
Device eth1:
qdisc htb 1: r2q 10 default 0 direct_packets_stat 0 ver 3.17
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
qdisc ingress ffff: ----------------
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
class htb 1:1 root prio 0 quantum 200000 rate 500000Kbit ceil 500000Kbit burst 626562b/8 mpu 0b overhead 0b cburst 626562b/8 mpu 0b overhead 0b level 0
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
lended: 0 borrowed: 0 giants: 0
tokens: 10025 ctokens: 10025
And at the end, when I make this 'tc' configuration by hand (not with
'tcdevices'), all works fine.
tc qdisc add dev eth1 root handle 1: htb default 0
tc qdisc add dev eth1 ingress
tc class add dev eth1 parent 1: classid 1:1 htb rate 500mbit ceil 500mbit
I think the matter is in the 'iptables' rules.
Thank you for any advice.
Shubnik Aleksandr