[Shorewall-users] Understanding IFB

Bill Shirley Thu, 27 Sep 2012 10:28:43 -0700

I'm experiencing a problem with masquerade downloads saturating my 
internet connection.  I've implemented an IFB and now am looking into 
flow keys.  Although I've read the documentation, I'm not sure I have 
this right.  Can someone help?


/etc/shorewall/params:
MID_IF=eth0
MID_IF_TC=1
INET1_IF=eth1
INET1_IF_TC=2
INET1_IFB_IF=ifb0
INET1_IFB_TC=3

Note: MID_IF is the LAN and INET1_IF is my internet connection.

/etc/shorewall/tcdevices:
#NUMBER:                        IN-BANDWITH     OUT-BANDWIDTH 
OPTIONS         REDIRECTED
#INTERFACE                                                       INTERFACES

$MID_IF_TC:$MID_IF                      0               1000mbit

$INET1_IF_TC:$INET1_IF                -               2mbit             
   classify
$INET1_IFB_TC:$INET1_IFB_IF     -               12mbit            
-                   $INET1_IF

/etc/shorewall/tcclasses:
#INTERFACE:CLASS        MARK    RATE:           CEIL PRIORITY        OPTIONS
#                               DMAX:UMAX

$MID_IF:110             -       30*full/100     95*full/100     1
$MID_IF:120             -       20*full/100     95*full/100 2       tcp-ack
$MID_IF:130             -       20*full/100     95*full/100 3       default
$MID_IF:140             -       15*full/100     85*full/100     4
$MID_IF:150             -       10*full/100     85*full/100     5

$INET1_IF:110           -       30*full/100     95*full/100 1       
flow=nfct-src
$INET1_IF:120           -       20*full/100     85*full/100 2       
flow=nfct-src,tcp-ack
$INET1_IF:130           -       20*full/100     75*full/100 3       
flow=nfct-src,default
$INET1_IF:140           -       15*full/100     45*full/100 4       
flow=nfct-src
$INET1_IF:150           -       10*full/100     35*full/100 5       
flow=nfct-src

$INET1_IFB_IF:110       -       30*full/100     95*full/100 1       flow=dst
$INET1_IFB_IF:120       -       20*full/100     95*full/100 2       
flow=dst,tcp-ack
$INET1_IFB_IF:130       -       20*full/100     95*full/100 3       
flow=dst,default
$INET1_IFB_IF:140       -       15*full/100     85*full/100 4       flow=dst
$INET1_IFB_IF:150       -       10*full/100     85*full/100 5       flow=dst

I'm looking at the flow=keys from here:
http://www.shorewall.net/manpages/shorewall-tcclasses.html

Is this right?  Is it logical to put flow control on the IFB?

Bill


------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://ad.doubleclick.net/clk;258768047;13503038;j?
http://info.appdynamics.com/FreeJavaPerformanceDownload.html
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

[Shorewall-users] Understanding IFB

Reply via email to