[LARTC] Absolute Maximal Bandwidth

["Dan" <dan@34q.eu>]

Hey,

I currently have a box serving as a firewall (running iptables) and packet
shaper (using tc / tcng's tcc compiler) to shape a large amount of inbound
and outbound traffic to my data center.

Whilst I can perform shaping functions using HTB, I need to also provide an
absolute (to the nearest few 100kb/s) bandwidth usage maximum. As an example
I might have 200MBit/sec "agreed" bandwidth, and the ability to go up to
500MBit/sec if I wish. Anything past 200MBit/sec invokes a huge cost.

Example tcc script (might contain typos):

dev eth0 {

        ingress 
        { 
                $inpolicer = SLB ( cbs 100kB, cir 200Mbps );
                class (<$whatever>) if SLB_ok ($policer);
                drop if 1; /* Drop the traffic exceeding the 200mbit rate */
        }
        egress
        {
                $egpolicer = SLB (cbs 100kB, cir 200Mbps );
                class (<$ftp>) if (ip_dst == 10.1.1.1 && tcp_dport == 21 &&
SLB_ok ($egpolicer));
                class (<$web>) if (tcp_dport == 80 && SLB_ok ($egpolicer));
                class (<$oth>) if SLB_ok ($egpolicer); /* classify to oth if
max bw not exceeded */
                drop if 1; /* I assume we reached max bw if we get here? */

                htb(){ ... }                    
        }       
}

The question is: Can I rely on something like the SLB macro to absolutely
guarantee this maximum is enforced, or do I need to find some other way to
let me sleep at night?

Also, is there a better way of doing this and does the script look ok?

Thanks in Advance!

Dan


_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc