Hi John Does this result in the ability to set per internal host max ingress bandwidth? If so, any chance you can share a snippet of a script? I will be trying to reproduce your setup. Thank you! Peter On Fri, Feb 19, 2021 at 7:16 AM John Sager wrote: > That's basically what I do. I set marks on outgoing traffic in the mangle > table which are copied to connmark before egress. Then on ingress the > connmark is restored to the packet and punted to ifb0 using 'action > connmark > action mirred egress redirect dev $IFB' as an ingress filter on the > incoming > interface (ppp0 in my case). Then I have HTB classes on ifb0 which set > rate > limits for different traffic classes indicated by the marks. I have only 6 > traffic classes (I bundle all video into one class), but as marks are 32 > bits wide there is lots of scope for classes for individual IP addresses. > > John > > On 18/02/2021 19:28, Toke Høiland-Jørgensen via Cake wrote: > > Peter Lepeska writes: > > > >> A user on the OpenWrt forum suggested hashlimit rules supported by > >> iptables. How does that idea sound to you? > > > > That will result in a cliff-edge policer (i.e., as soon as a device goes > > over its limits it will see every packet get dropped). This doesn't > > interact too well with the burstiness of TCP, so you'll likely get > > erratic behaviour of the traffic if you do that. Doing the same thing > > with HTB means the router will queue+shape each class (and with FQ-CoDel > > on the leaves, you'll get a nice AQM behaviour as well), so that will be > > smoother and less prone to bloat :) > > > > -Toke > > _______________________________________________ > > Cake mailing list > > Cake@lists.bufferbloat.net > > https://lists.bufferbloat.net/listinfo/cake > > > _______________________________________________ > Cake mailing list > Cake@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cake >