That's basically what I do. I set marks on outgoing traffic in the mangle table which are copied to connmark before egress. Then on ingress the connmark is restored to the packet and punted to ifb0 using 'action connmark action mirred egress redirect dev $IFB' as an ingress filter on the incoming interface (ppp0 in my case). Then I have HTB classes on ifb0 which set rate limits for different traffic classes indicated by the marks. I have only 6 traffic classes (I bundle all video into one class), but as marks are 32 bits wide there is lots of scope for classes for individual IP addresses.

John

On 18/02/2021 19:28, Toke Høiland-Jørgensen via Cake wrote:
> Peter Lepeska <[email protected]> writes:
>
>> A user on the OpenWrt forum suggested hashlimit rules supported by
>> iptables. How does that idea sound to you?
>
> That will result in a cliff-edge policer (i.e., as soon as a device goes
> over its limits it will see every packet get dropped). This doesn't
> interact too well with the burstiness of TCP, so you'll likely get
> erratic behaviour of the traffic if you do that. Doing the same thing
> with HTB means the router will queue+shape each class (and with FQ-CoDel
> on the leaves, you'll get a nice AQM behaviour as well), so that will be
> smoother and less prone to bloat :)
>
> -Toke
_______________________________________________
Cake mailing list
[email protected]
https://lists.bufferbloat.net/listinfo/cake
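
The scheme described in this thread (fwmark saved to connmark on egress, restored on ingress and redirected to an IFB, HTB classes with FQ-CoDel leaves), written out as an added example that is not part of the original messages. It only prints the commands for review; the rates, LAN addresses, mark values and the `DEVICES` format are constructed assumptions.

```shell
#!/bin/sh
# Added example: prints (does not run) the iptables/tc commands for a
# mark -> connmark -> IFB -> HTB per-device downstream shaper.
WAN=ppp0           # upstream interface (ppp0, as in the message)
IFB=ifb0           # IFB device that receives the redirected ingress traffic
DOWN_KBIT=50000    # assumed total downstream rate in kbit/s
# Constructed sample: LAN address : mark/class minor (hex) : limit in kbit/s
DEVICES="192.168.1.10:10:20000 192.168.1.11:11:5000"

gen_shaper_rules() {
    # 1. Egress: mark each device's packets, then copy the mark to conntrack.
    for d in $DEVICES; do
        ip=${d%%:*}; rest=${d#*:}; mark=${rest%%:*}
        echo "iptables -t mangle -A FORWARD -o $WAN -s $ip -j MARK --set-mark 0x$mark"
    done
    echo "iptables -t mangle -A POSTROUTING -o $WAN -j CONNMARK --save-mark"

    # 2. Ingress: restore the connmark onto every packet and send it to the
    #    IFB. With NAT the LAN address is not visible here, only the mark is.
    echo "ip link add $IFB type ifb"
    echo "ip link set $IFB up"
    echo "tc qdisc add dev $WAN handle ffff: ingress"
    echo "tc filter add dev $WAN parent ffff: protocol ip prio 10 u32 match u32 0 0 action connmark action mirred egress redirect dev $IFB"

    # 3. HTB tree on the IFB; unmarked traffic falls into default class 1:ff.
    echo "tc qdisc add dev $IFB root handle 1: htb default ff"
    echo "tc class add dev $IFB parent 1: classid 1:1 htb rate ${DOWN_KBIT}kbit"
    echo "tc class add dev $IFB parent 1:1 classid 1:ff htb rate 1000kbit ceil ${DOWN_KBIT}kbit"
    echo "tc qdisc add dev $IFB parent 1:ff fq_codel"

    # 4. One class per device: rate == ceil gives a hard cap that is queued
    #    and shaped rather than policed; fq_codel on the leaf provides AQM.
    for d in $DEVICES; do
        rest=${d#*:}; mark=${rest%%:*}; kbit=${rest#*:}
        echo "tc class add dev $IFB parent 1:1 classid 1:$mark htb rate ${kbit}kbit ceil ${kbit}kbit"
        echo "tc qdisc add dev $IFB parent 1:$mark fq_codel"
        # The fw classifier maps the restored mark to the class of the same number.
        echo "tc filter add dev $IFB parent 1: protocol ip prio 1 handle 0x$mark fw classid 1:$mark"
    done
}

gen_shaper_rules
```

After reviewing the printed commands, pipe them to `sh` as root on the router; `ip link add` reports an error if the IFB device already exists, which can be ignored.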
