Chuck Kollars wrote:
>I've got many machines behind a Shorewall Firewall
>that among other things NATs them all. I want to add
>some sort of Traffic Control that will give each
>computer a very roughly equal slice of my Internet
>bandwidth. So I've started by turning on Shorewall TC.
>It works as expected.
>
>But, there seems to be a loophole that can allow a few
>computers to use way way more than their fair share of
>bandwidth despite the TC. For example a computer that
>ran BitTorrent would (in my mind:-) abuse their
>capability by having their say 14 connections to
>different outside machines treated as 14 separate
>flows by the SFQ (Stochastic Fair Queueing) in the
>kernel and so get 14 turns (!) during every SFQ pass
>through its hash buckets. (Meanwhile computers
>browsing the web would get only one turn!)
>
>What can I do to treat each _computer_ rather than
>each _flow_ as a user of bandwidth? Any suggestions?

Well a first suggestion has to be to apply traffic prioritisation - see
http://lartc.org/howto/lartc.cookbook.ultimate-tc.html

There is an example on the Shorewall web pages to implement this with Shorewall instead of by direct manipulation of iptables. This would allow you to lower the priority of 'bulk' traffic such as smtp and bittorrent and limit their ability to affect performance of regular activities (eg web browsing) and high priorities (like VoIP). At work we got to the stage where the VoIP became unusable during the afternoons and this made it work again.

If that isn't good enough, then the only other way I can think of would be to create a queue per (active) internal address - but that seems like a lot of work, and as you say may be too late in the chain. I do believe you should be able to mark packets in ingress though, and apply tc based on these marks.

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
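
Added example, not part of the original thread and not Shorewall's own configuration: a sketch of the "queue per internal address, selected by packet mark" idea from the reply, written as raw `tc`/`iptables` commands for the upload direction on the external interface. The function only prints the commands; the interface name, link rate and host addresses are constructed sample values, and the function name is hypothetical.

```shell
#!/bin/sh
# Prints (does not run) one HTB class per internal host, chosen by fwmark.
# Marks are set in mangle FORWARD, where the packet still carries its
# internal source address; by the time it reaches the egress qdisc, SNAT
# has already rewritten it, so matching on source IP there is too late.

gen_per_host_tc() {
    dev=$1; uplink_kbit=$2; shift 2
    n=$#
    [ "$n" -gt 0 ] || { echo "usage: gen_per_host_tc DEV KBIT HOST..." >&2; return 1; }
    # One share per host plus one for unmarked traffic, so the children's
    # guaranteed rates never add up to more than the parent's rate.
    share=$((uplink_kbit / (n + 1)))

    echo "tc qdisc add dev $dev root handle 1: htb default 999"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate ${uplink_kbit}kbit"
    echo "tc class add dev $dev parent 1:1 classid 1:999 htb rate ${share}kbit ceil ${uplink_kbit}kbit"

    id=10
    for host in "$@"; do
        echo "iptables -t mangle -A FORWARD -s $host -o $dev -j MARK --set-mark $id"
        # Equal guaranteed share per host; idle bandwidth can be borrowed up to ceil.
        echo "tc class add dev $dev parent 1:1 classid 1:$id htb rate ${share}kbit ceil ${uplink_kbit}kbit"
        # SFQ inside the class only arbitrates among this one host's flows,
        # so 14 connections from one machine still share a single slice.
        echo "tc qdisc add dev $dev parent 1:$id handle $id: sfq perturb 10"
        echo "tc filter add dev $dev parent 1: protocol ip handle $id fw flowid 1:$id"
        id=$((id + 1))
    done
}

# Constructed sample: two internal hosts behind a 900 kbit/s uplink on eth0.
gen_per_host_tc eth0 900 192.168.1.10 192.168.1.11
```

Running these commands by hand alongside Shorewall TC would conflict with the qdiscs and marks Shorewall installs itself, so the output is best read as the structure to reproduce in Shorewall's own traffic-shaping files.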
