<div dir="ltr">"I'll put together a toy iptables rules file and a toy script with the necessary tc commands."<div><br></div><div>Wow -- that would be really appreciated. Question: will you need to explicitly call out the inside IP address of the host being shaped? Or, can it be set to shape each inside host?</div><div><br></div><div>I'm not sure you can post to the mailing list but maybe give it a shot (since there may be general interest) and if it fails email me directly?</div><div><br></div><div>Thanks!!!</div><div><br></div><div>Peter</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Feb 19, 2021 at 2:04 PM John Sager <<a href="mailto:john@sager.me.uk">john@sager.me.uk</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Yes. The marks are set on egress so you can select on inside IP address, <br>
port, protocol - in fact many characteristics that iptables rules can test <br>
for. I'll put together a toy iptables rules file and a toy script with the <br>
necessary tc commands. It'll take me a few days though as I'm busy with <br>
other stuff currently.<br>
<br>
PS does the cake list allow attachments? It will be a small zip file.<br>
<br>
John<br>
<br>
On 19/02/2021 15:02, Peter Lepeska wrote:<br>
> Hi John<br>
> <br>
> Does this result in the ability to set per internal host max ingress <br>
> bandwidth? If so, any chance you can share a snippet of a script? I will be <br>
> trying to reproduce your setup.<br>
> <br>
> Thank you!<br>
> <br>
> Peter<br>
> <br>
> On Fri, Feb 19, 2021 at 7:16 AM John Sager <<a href="mailto:john@sager.me.uk" target="_blank">john@sager.me.uk</a>> wrote:<br>
> <br>
> That's basically what I do. I set marks on outgoing traffic in the mangle<br>
> table which are copied to connmark before egress. Then on ingress the<br>
> connmark is restored to the packet and punted to ifb0 using 'action connmark<br>
> action mirred egress redirect dev $IFB' as an ingress filter on the incoming<br>
> interface (ppp0 in my case). Then I have HTB classes on ifb0 which set rate<br>
> limits for different traffic classes indicated by the marks. I have only 6<br>
> traffic classes (I bundle all video into one class), but as marks are 32<br>
> bits wide there is lots of scope for classes for individual IP addresses.<br>
> <br>
> John<br>
> <br>
> On 18/02/2021 19:28, Toke Høiland-Jørgensen via Cake wrote:<br>
> > Peter Lepeska <<a href="mailto:bizzbyster@gmail.com" target="_blank">bizzbyster@gmail.com</a>> writes:<br>
> ><br>
> >> A user on the OpenWrt forum suggested hashlimit rules supported by<br>
> >> iptables. How does that idea sound to you?<br>
> ><br>
> > That will result in a cliff-edge policer (i.e., as soon as a device goes<br>
> > over its limits it will see every packet get dropped). This doesn't<br>
> > interact too well with the burstiness of TCP, so you'll likely get<br>
> > erratic behaviour of the traffic if you do that. Doing the same thing<br>
> > with HTB means the router will queue+shape each class (and with FQ-CoDel<br>
> > on the leaves, you'll get a nice AQM behaviour as well), so that will be<br>
> > smoother and less prone to bloat :)<br>
> ><br>
> > -Toke<br>
> > _______________________________________________<br>
> > Cake mailing list<br>
> > <a href="mailto:Cake@lists.bufferbloat.net" target="_blank">Cake@lists.bufferbloat.net</a><br>
> > <a href="https://lists.bufferbloat.net/listinfo/cake" rel="noreferrer" target="_blank">https://lists.bufferbloat.net/listinfo/cake</a><br>
> ><br>
> <br>
</blockquote></div>
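The setup John describes in the quoted message (marks set on egress, saved to connmark, restored on ingress and redirected to an IFB device carrying HTB classes), sketched as an added example that is not John's script and not part of the original thread. The inside addresses, rates, mark values and the 50mbit link rate are constructed assumptions; the function only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: prints (does not execute) iptables and tc commands for
# per-inside-host ingress limits. Every default below is an assumption.
WAN=${WAN:-ppp0}      # incoming interface (ppp0 in the thread)
IFB=${IFB:-ifb0}      # device that ingress traffic is redirected to
LINK=${LINK:-50mbit}  # constructed total downstream rate

# emit_shaper IP=RATE [IP=RATE ...]
emit_shaper() {
    echo "ip link add $IFB type ifb"
    echo "ip link set $IFB up"
    # Ingress filter on the WAN side: restore connmark to the packet, then
    # redirect the packet to the IFB device.
    echo "tc qdisc add dev $WAN handle ffff: ingress"
    echo "tc filter add dev $WAN parent ffff: protocol ip u32 match u32 0 0" \
         "action connmark action mirred egress redirect dev $IFB"
    # HTB tree on the IFB; traffic without a host mark lands in class 1:ff.
    echo "tc qdisc add dev $IFB root handle 1: htb default ff"
    echo "tc class add dev $IFB parent 1: classid 1:1 htb rate $LINK"
    echo "tc class add dev $IFB parent 1:1 classid 1:ff htb rate 1mbit ceil $LINK"
    echo "tc qdisc add dev $IFB parent 1:ff fq_codel"
    i=0
    for pair in "$@"; do
        i=$((i + 1))
        ip=${pair%%=*}
        rate=${pair#*=}
        m=$(printf '%x' $((16 + i)))   # mark 0x11, 0x12, ... doubles as class id
        # mangle POSTROUTING runs before source NAT, so -s still sees the
        # inside address of the host.
        echo "iptables -t mangle -A POSTROUTING -o $WAN -s $ip -j MARK --set-mark 0x$m"
        echo "tc class add dev $IFB parent 1:1 classid 1:$m htb rate $rate ceil $rate"
        echo "tc qdisc add dev $IFB parent 1:$m fq_codel"
        echo "tc filter add dev $IFB parent 1: protocol ip handle 0x$m fw flowid 1:$m"
    done
    # Copy the packet mark to the connection mark before egress.
    echo "iptables -t mangle -A POSTROUTING -o $WAN -j CONNMARK --save-mark"
}

# Stand-alone use: ./shaper.sh 192.168.1.10=5mbit 192.168.1.11=20mbit
if [ "$#" -gt 0 ]; then
    emit_shaper "$@"
fi
```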