ingress traffic shaping

Metalfan Metalfana commercials22 at yahoo.com
Sat Aug 25 10:22:47 UTC 2012


Hi,

looks like there are very few good examples out there that show some basic ingress filtering, found this:
http://www.linuxfoundation.org/collaborate/workgroups/networking/ifb


$TC qdisc del dev ifb0 root handle 1: prio 
$TC qdisc add dev ifb0 root handle 1: prio 
$TC qdisc add dev ifb0 parent 1:1 handle 10: sfq
$TC qdisc add dev ifb0 parent 1:2 handle 20: tbf \ rate 20kbit buffer 1600 limit 3000
$TC qdisc add dev ifb0 parent 1:3 handle 30: sfq                                
$TC filter add dev ifb0 parent 1: protocol ip prio 1 u32 \ match ip dst 11.0.0.0/24 flowid 1:1 
$TC filter add dev ifb0 parent 1: protocol ip prio 2 u32 \ match ip dst 10.0.0.0/24 flowid 1:2  ifconfig ifb0 up 
$TC qdisc del dev eth0 root handle 1: htb default 2
$TC qdisc add dev eth0 root handle 1: htb default 2
$TC class add dev eth0 parent 1: classid 1:1 htb rate 800Kbit
$TC class add dev eth0 parent 1: classid 1:2 htb rate 800Kbit
$TC class add dev eth0 parent 1:1 classid 1:10 htb rate 256kbit ceil 384kbit
$TC class add dev eth0 parent 1:1 classid 1:20 htb rate 512kbit ceil 648kbit
$TC filter add dev eth0 parent 1: protocol ip prio 1 u32 \ match ip dst 10.0.0.229/32 flowid 1:10 \ action mirred egress redirect dev ifb0 


just running these lines with sudo results in:
ipt: unrecognized option '--set-mark'

this is a 12.04 system running 3.2.0-29-generic, why does it error?

---------------------------------------
also got some questions on the approach:
why did they create some qdiscs on ifb0 and later some on eth0? why not
put it all in one place?



greets
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20120825/f6cd0b28/attachment.html>


More information about the ubuntu-users mailing list