"segmented" traffic shaping bridge

Hi all,

First I don't really know if this is the right list to send this message. I've been trying to subscribe to the LARTC mailing list for the past two months but it seems to be down.

I have fairly good experience with iptables and networking concepts in general. However, I've never done traffic shaping on Linux, and I'm wondering if the following is possible and what your best advice would be to make it work in a resource-efficient way.

I have a medium-sized network (~250 hosts) with around 10 physical subnets, and a Linux router/firewall (running Vyatta) between them and my Internet link.

On top of this router/firewall I've set up a new machine running Debian acting as a bridge. What I need to do on it is manage the bandwidth use on a per-host basis for my international bandwidth, which is much more limited than my available national bandwidth.

My current layout is as follows:

{ internet link } <---> [ (eth0) linux bridge (eth1) ] <---> [ linux router ] <--> { LAN }

I have already managed to mark the outgoing packets to the Internet link belonging to the international traffic, using a frequently updated IP database and iptables.

Doing some preliminary tests with traffic shaping, I also managed to reduce the overall outgoing international traffic; however, this is not what I desire: I need to put a bandwidth limit _on each_ source IP address from inside my network for any packet marked by iptables/netfilter as having an international destination, instead of an overall limit. I would also need to set different classes of upstream bandwidth limits, like 256, 512, 1024 and 2048 kbps.

Any help would be greatly appreciated.

Best regards and thanks.
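As an added example (not part of the original post, and not the poster's configuration), here is one way to get per-host limits on marked international traffic from the bridge described above: an HTB root on the WAN-facing port with one leaf class per host, an iptables MARK rule per host that only fires for international destinations, and an `fw` filter that steers each mark into its class. It assumes eth0 is the WAN-side port of the bridge, a total upstream of 20 Mbit/s, and an ipset named `intl` standing in for the poster's IP database; the host table is constructed for illustration. Two details matter on a bridge: iptables only sees bridged frames once `net.bridge.bridge-nf-call-iptables` is enabled, and `-o` would name the bridge device rather than the physical port, so the WAN port is selected with the `physdev` match.

```shell
#!/bin/sh
# Per-host HTB shaping of "international" egress on a Linux bridge.
# This is an added illustration, not the original poster's setup.
# Assumptions: eth0 faces the Internet link, and an ipset named "intl"
# holds the international prefixes (it stands in for the poster's
# iptables-driven IP database). Run without arguments to print the
# commands; run with APPLY=1 as root to execute them.
set -eu

WAN_IF=${WAN_IF:-eth0}           # assumed WAN-side bridge port
LINK_RATE=${LINK_RATE:-20mbit}   # assumed total upstream capacity
INTL_SET=${INTL_SET:-intl}       # assumed ipset of international prefixes

# Constructed host table: "<source-ip> <class>", class 1..4 selecting
# 256/512/1024/2048 kbit. Replace with the real per-host assignments.
HOSTS='
10.0.1.10 1
10.0.2.20 2
10.0.3.30 3
10.0.4.40 4
'

# Map a class number to its HTB rate string.
rate_for_class() {
    case "$1" in
        1) echo 256kbit ;;
        2) echo 512kbit ;;
        3) echo 1024kbit ;;
        4) echo 2048kbit ;;
        *) echo "unknown class: $1" >&2; return 1 ;;
    esac
}

# Netfilter mark and HTB class id for the n-th host (n >= 1).
# Both are 0x100+n so the mark read by the fw classifier and the
# class it steers to stay visibly in step (257 -> 1:101, ...).
host_mark()    { printf '%d' $((256 + $1)); }
host_classid() { printf '1:%x' $((256 + $1)); }

# Print a command, or execute it when APPLY=1.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

gen_rules() {
    # iptables only sees bridged frames with bridge-nf enabled.
    run modprobe br_netfilter || true
    run sysctl -w net.bridge.bridge-nf-call-iptables=1

    # Root HTB; class 1:2 carries unmarked (national) traffic unshaped.
    run tc qdisc del dev "$WAN_IF" root 2>/dev/null || true
    run tc qdisc add dev "$WAN_IF" root handle 1: htb default 2
    run tc class add dev "$WAN_IF" parent 1: classid 1:1 htb rate "$LINK_RATE"
    run tc class add dev "$WAN_IF" parent 1:1 classid 1:2 htb rate "$LINK_RATE"

    n=0
    printf '%s\n' "$HOSTS" | while read -r ip cls; do
        [ -n "$ip" ] || continue
        n=$((n + 1))
        mark=$(host_mark "$n")
        classid=$(host_classid "$n")
        rate=$(rate_for_class "$cls")

        # One leaf class per host: rate == ceil, so the host can never
        # borrow beyond its tier, plus SFQ so one flow cannot hog it.
        run tc class add dev "$WAN_IF" parent 1:1 classid "$classid" \
            htb rate "$rate" ceil "$rate"
        run tc qdisc add dev "$WAN_IF" parent "$classid" sfq perturb 10

        # Mark only this host's packets headed for an international
        # prefix and leaving via the WAN port; -o would name the bridge
        # device, so the physical port is selected with physdev.
        run iptables -t mangle -A FORWARD -m physdev --physdev-out "$WAN_IF" \
            -s "$ip" -m set --match-set "$INTL_SET" dst \
            -j MARK --set-mark "$mark"

        # Steer marked packets into the host's class.
        run tc filter add dev "$WAN_IF" parent 1: protocol ip prio 1 \
            handle "$mark" fw flowid "$classid"
    done
}

gen_rules
```

Because `ceil` equals `rate` on every leaf, a host in the 256 kbit tier stays at 256 kbit even when the link is idle; raise `ceil` (for example to the tier above) if you want hosts to borrow spare capacity. Unmarked traffic falls into class 1:2 at the full link rate, so national traffic is unaffected. With ~250 hosts this produces ~250 mangle rules scanned linearly per packet; if that becomes a cost, the `-s` matches can be folded into a second ipset or hashed with a `u32` filter on the source address instead of a mark.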

