> necessary. Hmm, is there a way to set up something to test
> pseudo-automatically, like try wget download while the box is booting...
Doing it just once would be fairly unreliable. If for some reason the
initial download was slow, the system will limit itself way below a feasible
rate. Not that I have a quick solution. When I tinkered with this stuff I
figured that there are basically two parameters you can watch:
1. ping round-trip time to the router on the other side of the bottleneck
2. fill state and flow rates of the queues
The ping round-trip tells you how long it takes to get through the
bottleneck up and down. You could monitor that and when it starts going over
half a second your script would gradually squeeze the bandwidth choke. That
way the system would try to keep latency low in the face of congestion.
One problem with this is that you get only compound time up+down, and you
don't know for sure which one is congested. This is where the second part
comes in. By monitoring flow rates the gateway could learn correlation
between flow rates and round-trip times and thus determine the maximal link
capacity, and even adapt to changing capacity.
I've got it all figured out, I'm just too lazy to implement it. :-)
> So, I just need to do ingress policing on WAN interface at 10% less than tested
> down bitrate...
Yes. You'll need IMQ for this.
> ...And egress shaping on WAN interface. I see another message with some more
> tips for that, and of course examples online also.
Do this first, it's a lot simpler. Chances are you'll decide you don't need
ingress shaping after all.
> Thanks.
You're welcome. I spent so much time tinkering with my setup, I'm happy
when it helps somebody else as well.
As a final note: The last time I did ingress shaping I used FreeBSD. That
system has the ability to arbitrate traffic per IP address. This
makes the whole thing a lot fairer. I couldn't find ot how to do this on
Linux. I did write about that and luckily archive.org still has it:
http://web.archive.org/web/20060511021410/www.number.ch/wiki/index.php/FreeBSDTrafficShaping
--
To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
No comments:
Post a Comment