Search This Blog

Friday, February 12, 2010

Re: shaping: dividing bandwidth between router & NAT hosts

Cory Oldford wrote at 2010-02-12 15:51 -0600:
> Policing != shaping

Stephan suggested:
> "lowering throughput by around 10%" compared to upstream down bandwidth

And I said later:
> So, I just need to do ingress policing on WAN interface at 10% less than tested
> down bitrate...

Stephan said:
> Yes. You'll need IMQ for this.

I said:
> Huh?  Why not just this?
>
> tc qdisc add dev eth0 handle ffff: ingress
> tc filter add dev eth0 parent ffff: protocol ip prio 50 u32 match ip src \
0.0.0.0/0 police rate ${DOWN}kbits burst 10k drop flowid :1


So, Stephan must have been meant ingress shaping (delaying packets?) and I
assumed he meant ingress policing. Is there a significant reason to use
shaping rather than policing? Yes, policing drops valid packets, but TCP will
cause that anyway before backing off sending.

No comments: