>  ... usage of tc and how Shorewall uses it ...

Here's a short&sweet (but not entirely accurate) description: Traffic is 
divided into classes using your rules, then those classes are metered using 
HTB. Within each and every class an SFQ makes sure everybody gets a fair share. 

> ... back when I was using Wondershaper (so long, long ago)....

It's probably obvious but I'll reiterate it anyway-- Wondershaper is great for 
its intended purpose: a single-user system that wants to retain snappy 
interactivity even when a download is in progress. But in my experience, it's 
the wrong approach when firewalling a whole LAN, especially if the primary 
concern is web browsability (or things like VoIP and Chat and P2P) rather than 
straightforward downloads. 

>  ... I want to upgrade my traffic shaping rules if possible ...

As another example, what I use is documented at 
http://www.ckollars.org/shaping.html

>  ... I have been using iptables since the ipchains days ...

IMHO, the one thing not to do is "mix" IPtables and Shorewall; keep it one or 
the other. Shorewall translates your specifications into IPtables rules (but 
often not in obvious ways). And it implements those specifications using the 
regular IPtables mechanism, so the capabilities are (almost) the same. 

>  ... I thought this was the point of tcclasses and marking packets 
> to only use a portion of the bandwidth? ...

Huh? 

Did you mean traffic shaping tries to ensure no one packet flow monopolizes the 
bandwidth? And it does this by, as necessary, restricting each packet flow to 
only a portion of the bandwidth?

>  ...use all my bandwidth ...

HTB (also if driven by Shorewall) has a provision for donating "extra" 
bandwidth to the next lower class. So with reasonable specifications in 
'tcclasses' you can use all your bandwidth. 

>  ... upload can be saturated enough to cause extreme latency ...

With traffic shaping, it's often hard to really grasp that it's almost 
impossible to shape INcoming traffic _directly_. An _indirect_ way to prevent 
saturation by a download (controlling what you can) is to ration the ACKs for 
that operation. Slow the outgoing ACKs, indirectly slow the incoming download.

>  ... introduction of ifb support in newer versions ...

YMMV. My experience is it's more than possible to do everything I want withOUT 
ifb. Added convenience? probably; More likely to work even with an 
ill-thought-out configuration? yes; Added functionality? -?-

thanks! -Chuck Kollars
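
The classes / HTB / SFQ layout described in the reply above, sketched as raw tc commands. This is an added example, not part of the original post and not the rules Shorewall itself generates; the device name, uplink rate, firewall marks 1-3 and the 30/50/20 split are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not execute) the tc commands for a small
# HTB tree with one SFQ per leaf class. All values are assumptions.

# htb_plan DEV UPLINK_KBIT
#   Emits one tc command per line for three classes selected by fwmark.
htb_plan() {
    dev=$1; up=$2

    # Root HTB qdisc; unmarked traffic falls into class 1:20.
    echo "tc qdisc add dev $dev root handle 1: htb default 20"
    # Parent class caps the sum of all children at the uplink rate.
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate ${up}kbit ceil ${up}kbit"

    # Each spec is mark:guaranteed-percent:priority (constructed values).
    for spec in 1:30:1 2:50:2 3:20:3; do
        mark=${spec%%:*}; rest=${spec#*:}
        pct=${rest%%:*}; prio=${rest#*:}
        rate=$((up * pct / 100))
        id="${mark}0"

        # rate = guaranteed share; ceil = full uplink, so a class may borrow
        # whatever the other classes are not using at the moment.
        echo "tc class add dev $dev parent 1:1 classid 1:$id htb rate ${rate}kbit ceil ${up}kbit prio $prio"
        # SFQ inside the class shares it fairly between individual flows.
        echo "tc qdisc add dev $dev parent 1:$id handle $id: sfq perturb 10"
        # Packets carrying firewall mark $mark are steered into this class.
        echo "tc filter add dev $dev parent 1: protocol ip prio $prio handle $mark fw flowid 1:$id"
    done
}

# Stand-alone use: ./htb_plan.sh eth0 1000   (review the output before applying it)
if [ "$#" -ge 2 ]; then
    htb_plan "$1" "$2"
fi
```

The guaranteed rates add up to the uplink rate while every ceil equals it, which is what lets an idle class's share be used by the others.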