ingress shaping?

To: Debian-ISP <debian-isp@lists.debian.org>
Subject: ingress shaping?
From: "R.M. Evers" <debian@hbh-it.nl>
Date: Mon, 03 Nov 2003 13:32:19 +0100
Message-id: <[🔎] 1067862738.24773.23.camel@ws2.hbh-it.net>

hi everyone,

thanx for the tips om my last traffic shaping question. i've managed to
get a debian bridge (ebtables / bridge-nf patched 2.4.22 kernel w/
newest 'tc') up and running which does firewalling and outgoing shaping.
now, i wanted to try the incoming ingress shaping, but i cant get it to
work: nothing gets shaped. it seems as if the ingress qdisc just isn't
there.. the topology of my test setup is very simple:

        www
         |
        eth0
    debian bridge (br0)
        eth1
         |
      switch
         |
 -----------------
 |               |
WS1             WS2

i'm only shaping WS2 using HTB and SFQ, which works very nicely. but the
ingress shaping just won't work.

my trafic control setup is as follows:

<-- START -->

TC="/sbin/tc-htb"

WS2="xx.xx.xx.xx/32"

# Delete previous configuration
$TC qdisc del dev eth0 root
$TC qdisc del dev eth0 ingress

# Add root handle. Direct default traffic to class 99.
$TC qdisc add dev eth0 root    handle 1:    htb default 99
$TC qdisc add dev eth0 ingress handle ffff:

# 256k Upload root class.
$TC class add dev eth0 parent 1:   classid 1:1   htb rate 256kbps ceil \
 256kbps

# 32k Upload class for ws2.
$TC class add dev eth0 parent 1:1  classid 1:10  htb rate  32kbps ceil \
 36kbps burst 16k

# 96k Upload class for default traffic.
$TC class add dev eth0 parent 1:1  classid 1:99  htb rate  96kbps ceil \
 128kbps

# ws2 fairness queueing disciplines. Rehash every 10 seconds.
$TC qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10

# Fairness queueing discipline for default traffic. Rehash every 10s.
$TC qdisc add dev eth0 parent 1:99 handle 99: sfq perturb 10

# ws2 filters.
$TC filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src \
 $WS2 flowid 1:10

$TC filter add dev eth0 parent ffff: protocol ip u32 match ip src \
 0.0.0.0/0 police rate 8kbps burst 4k mtu 12k drop flowid :1

<-- END -->

as you can see, i am now trying to limit all the incoming traffic, since
i got no result using filtering (not with u32, not with netfilter
marking). but this doesn't work either. also, when i show the filters,
the entire ingress filter isn't shown:

  root@bridge1: ~ # tc-htb filter show dev eth0
  filter parent 1: protocol ip pref 1 u32 
  filter parent 1: protocol ip pref 1 u32 fh 800: ht divisor 1 
  filter parent 1: protocol ip pref 1 u32 fh 800::800 order 2048 key
  ht 800 bkt 0 flowid 1:10 
    match 3e3a34ed/ffffffff at 12

though it does exist as a qdisc:

  root@bridge1: ~ # tc-htb qdisc show dev eth0
  qdisc sfq 99: 
  qdisc sfq 10: 
  qdisc ingress ffff: 
  qdisc htb 1: r2q 10 default 99 direct_packets_stat 1

and stats show nothing:

  root@bridge1: ~ # tc-htb -s -d qdisc show dev eth0
  qdisc sfq 99: 
   Sent 1058 bytes 18 pkts (dropped 0, overlimits 0) 

   qdisc sfq 10: 
   Sent 14748759 bytes 32445 pkts (dropped 0, overlimits 0) 

   qdisc ingress ffff: 
   Sent 0 bytes 0 pkts (dropped 0, overlimits 0) 

   qdisc htb 1: r2q 10 default 99 direct_packets_stat 1 ver 3.12
   Sent 14749883 bytes 32464 pkts (dropped 0, overlimits 13585) 


anyone with some experience with this?

regards,
-rodi

Reply to:

Follow-Ups:
- Re: ingress shaping?
  - From: Clement Hermann <clement.hermann@free.fr>

Prev by Date: Re: SSHD trouble
Next by Date: tracking down i/o sucking process
Previous by thread: Re: tracking down i/o sucking process
Next by thread: Re: ingress shaping?
Index(es):
- Date
- Thread