Re: "segmented" traffic shaping bridge

To: debian-firewall@lists.debian.org
Subject: Re: "segmented" traffic shaping bridge
From: Paolo <oopla@users.sf.net>
Date: Wed, 17 Dec 2008 15:50:07 +0100
Message-id: <[🔎] 20081217145007.GA16846@localhost>
Mail-followup-to: oopla@liszt.debian.org, debian-firewall@lists.debian.org
In-reply-to: <[🔎] 4948399F.3020909@qk.com.au>
References: <[🔎] CAC88268-C439-43B4-9A8C-2F574BB66C74@igloo.cl> <[🔎] 20081211144013.GA13664@localhost> <[🔎] 4948399F.3020909@qk.com.au>

On Wed, Dec 17, 2008 at 10:28:31AM +1100, Mark Chong wrote:
> 
> hashlimit implements a packet based token bucket filter, where as for 
> traffic shaping you want something bit based.
...
> however with tc you setup classes for how you want bandwidth to be split up 

yep, agreed - tc is the tool for Traffic Control, and the way to make it
collaborate with NF seems suggested eg here
  http://lartc.org/howto/lartc.netfilter.html
However, pps limit could be fine as well, depending on your needs: if pps 
is high enough, apps using small packets (telnet, ssh, whatever) won't suffer
bw limits; and yes the length module should allow for finer tuning - I'd 
rather use no more than 3 classes, though - which doesn't sound too horrible
to me.
Newer kernels (apparently since 2.6.19) offer connbytes, which seems to
allow for same bps control - I don't know how to use it, though.

Anyway, better not mix rate control algos/modules - ie if you use tc don't
use NF's rate control/limits too, as feedback mechanisms may badly interact,
and also play badly with TCP's own.

-- 
paolo

Reply to:

References:
- "segmented" traffic shaping bridge
  - From: "Carlos Oliva G." <carlos.oliva@igloo.cl>
- Re: "segmented" traffic shaping bridge
  - From: Paolo <oopla@users.sf.net>
- Re: "segmented" traffic shaping bridge
  - From: Mark Chong <mchong@qk.com.au>

Prev by Date: Re: limit traffic using iptables
Previous by thread: Re: "segmented" traffic shaping bridge
Next by thread: limit traffic using iptables
Index(es):
- Date
- Thread