Jason Boxman wrote:
On Tuesday 28 September 2004 15:36, gypsy wrote:
How can I implement ingress shaping / policing to limit the combined
incoming rate, regardless of IP, to about 700K (the connection is
actually 730K in and 690K out). Only because it REALLY annoys me to
drop an already received packet, I would prefer to shape than to drop,
but I am presently policing.
I can't see how you could shape other than to drop. You have already received
the packet. If it's over the rate for that particular flow, and the traffic
is TCP, you can only hope enough drops will result in the connection being
throttled by the remote end's TCP stack.
Queueing is important aswell as dropping. You will need to drop
sometimes, but you can decide to only queue/drop bulk traffic if you
shape with htb. For ingress, or more correctly, shaping from the wrong
and of a bottleneck I like to use esfq (so I can choose length) with
classic hash - so that each tcp gets dequeued at the rate it's entitled
- rather than a burst at near full speed followed by a wait while others
are serviced. Shaping from the narrow end of the bottleneck is hard if
you care alot about latency and don't want to sacrifice too much
bandwidth. SFQ helps prevent burstiness over other queues - but don't
set perturb too low - Default (10) is OK, I use 20. It causes packet
reordering which hurts latency when shaping incoming - the effect is
worse with single connections.
There are other tweaks possible but they are probably not worth the
hassle unless you are noticing problems.
Andy.
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
