On Thu, 2008-06-05 at 07:20 -0700, Tom Eastep wrote: > Brian J. Murrell wrote: > > > For most home, or other small use situations, isn't it easier to just > > specify priorities of traffic, i.e. > > > > Type Priority > > VOIP 1 > > Interactive (i.e. ssh) 2 > > All other 3 > > Sure. But Shorewall was never targeted at that market. It's predecessor > Seawall was targeted at SOHO users and I originally developed Shorewall to > provide a product that took over where Seawall left off.
SOHO. That's for the most part the situation I'm talking about. I'm
talking about a small enough user base that guaranteeing bandwidth for
certain use cases is overkill and all that is necessary is prioritizing.
> The simple commodity firewall routers typically use a scheme like you
> advocate. But then I've never understood why a home user would choose
> Shorewall over one of those little devices anyway.
For mom, perhaps, but for a hacker, they don't do near enough. In fact
they don't even do enough for mom. VPN technology is sorely lacking
from (almost?) all of them, just for starters.
> Then I urge you to develop such a traffic shaper as an alternative to the
> one built into Shorewall. If it turns out to be wildly popular, we can
> integrate it into Shorewall just like we did with Arne Bernin's
> 'tc4shorewall' which is the current Shorewall builtin TC.
Probably not worth it if HTB can emulate the "prioritize only, not
guarantee bandwidth" given the work that's already present to support
it.
> > #INTERFACE MARK RATE CEIL PRIORITY OPTIONS
> > ppp0 1 full full 1
> > tcp-ack,tos-minimize-delay
> > ppp0 2 full full 2 default
> > ppp0 3 full full 2
^
this last one should have been priority 3---------+
> Not really. HTB works badly when the sum of the RATEs exceeds the
> OUT-BANDWIDTH.
>
> Something more like this should work though:
>
> #INTERFACE MARK RATE CEIL PRIORITY OPTIONS
> ppp0 1 full*98/100 full 1 tcp-ack,tos-minimize-delay
> ppp0 2 full/100 full 2 default
> ppp0 3 full/100 full 2
So is class "1" limited to 98% bandwidth or full? It seems it would be
full (otherwise what's the point of the CIEL?). If class "1" is unused
can class 2 get 100% of the bandwidth? If both class 2 and 3 are
over-saturating, does class 2 get 100% of the bandwidth because of it's
priority?
b.
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
