Thursday, February 11, 2010

Fwd: shaping: dividing bandwidth between router & NAT hosts

For ingress shaping, look at using an IMQ device. Relying on ACK packets will cause too many retransmissions on a busy connection and really only affects TCP protocols. I recommend reading about DSCP/TOS field values and using tcpdump and Wireshark to verify how these are set on various traffic. You can then use the MARK or CLASSIFY targets to ensure the traffic ends up in your qdisc classes as expected.

--
Cory Oldford
PeaceWorks Computer Consulting
#2 - 396 Assiniboine Ave, Winnipeg
204 480 0314 --or-- 519 725 7875, ext 610.

----- Original Message -----
From: "Nikolay Bitsadze" <nikobit@gmail.com>
To: "green" <greenfreedom10@gmail.com>, debian-firewall@lists.debian.org
Sent: Thursday, 11 February, 2010 05:47:34 GMT -06:00 US/Canada Central
Subject: Re: shaping: dividing bandwidth between router & NAT hosts

Would you post a link to a blog or something to share your experience? I have
a familiar situation with setting up a home network. So far only Samba...
> I am working on setting up a router/server running Debian Squeeze. I have had
> a lot to learn and have managed to understand iptables and have mostly set up
> filtering.
>
> Now I would like to set up traffic control. I have been reading documentation
> and have been looking for an eth0 ingress way to delay packets in order to
> control download bandwidth, but maybe ingress shaping is not a viable solution.
> Perhaps it is the ACKs that I need to shape instead: delay the outgoing ACKs to
> control downloads and delay the outgoing data to control the uploads. Will
> that work?
>
> The router uses NAT and has the following interfaces:
> - eth0 (WAN)
> - eth1, eth2, eth3 (ethernet LAN)
> - wlan0 (wireless LAN)
> * br0 bridges eth1, eth2, eth3, wlan0
>
> (I do not have the wireless hardware yet; I hope wlan0 will work in the bridge
> without problems.)
>
> The bandwidth will ideally be separated into 4 groups:
> - local (router)
> - ethernet LAN (eth1, eth2, eth3)
> - wireless LAN, known MAC addresses
> - wireless LAN, unknown MAC addresses
> Each group gets a part of the bandwidth and a priority for borrowing.
>
> Can I use iptables to mark/classify packets into these groups?
>
> Thanks lots for your help.
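
The MARK approach from the reply, applied to the four groups in the question, as an added example that is not part of the original thread. It covers only the upload direction (egress on eth0) and prints the commands for review instead of running them; the rates, the MAC addresses and the mark-to-class numbering are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): print iptables/tc commands that split
# eth0 upload bandwidth between the four groups. Assumed values are labelled.
WAN=eth0
UPLINK=900kbit                                    # assumed uplink rate
KNOWN_MACS="00:11:22:33:44:55 66:77:88:99:aa:bb"  # constructed sample MACs

# Marks are set before NAT rewrites the source address. The mac match is
# not valid in POSTROUTING, so grouping happens in OUTPUT and FORWARD.
# physdev matching on routed traffic assumes bridge netfilter is enabled.
mark_rules() {
  # Group 1: traffic generated by the router itself
  echo "iptables -t mangle -A OUTPUT -o $WAN -j MARK --set-mark 1"
  # Group 2: hosts behind the wired bridge ports
  for port in eth1 eth2 eth3; do
    echo "iptables -t mangle -A FORWARD -o $WAN -m physdev --physdev-in $port -j MARK --set-mark 2"
  done
  # Group 4: every wireless host starts out as "unknown"
  echo "iptables -t mangle -A FORWARD -o $WAN -m physdev --physdev-in wlan0 -j MARK --set-mark 4"
  # Group 3: known MACs override the mark (MARK does not end rule traversal)
  for mac in $KNOWN_MACS; do
    echo "iptables -t mangle -A FORWARD -o $WAN -m physdev --physdev-in wlan0 -m mac --mac-source $mac -j MARK --set-mark 3"
  done
}

# One HTB class per group: guaranteed rate, may borrow up to the uplink,
# lower prio value borrows first. Mark N is steered into class 1:N0.
tc_rules() {
  # Unmarked packets fall into the lowest class (1:40)
  echo "tc qdisc add dev $WAN root handle 1: htb default 40"
  echo "tc class add dev $WAN parent 1: classid 1:1 htb rate $UPLINK"
  for group in 1:300kbit:0 2:300kbit:1 3:200kbit:2 4:100kbit:3; do
    mark=${group%%:*}; rest=${group#*:}
    rate=${rest%%:*}; prio=${rest#*:}
    echo "tc class add dev $WAN parent 1:1 classid 1:${mark}0 htb rate $rate ceil $UPLINK prio $prio"
    echo "tc filter add dev $WAN parent 1: protocol ip handle $mark fw flowid 1:${mark}0"
  done
}

mark_rules
tc_rules
```

A source MAC address can be changed by the client, so the "known MAC" group separates cooperative hosts but is not an access control.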

