[LARTC] Re: tcng ingress policing question

Jacob Teplitsky jacobt@bivio.net
Thu, 6 May 2004 12:23:33 -0700 

Simon,
Try something like this:
dev eth0 {
   ingress {
      $police_isp = SLB( cbs 100kB, cir 50000 kbps );
      $police_mirror = SLB( cbs 20kB, cir 2000 kbps );
      $police_other = SLB( cbs 10kB, cir 1000 kbps );

      class(<>) if (ip_src == 1.1.1.1 || /* external host */
                         ip_src == 2.2.2.2 ) && /* backup traffic */
                         SLB_else_drop($police_isp);
      class(<>) if ( ip_src == 3.3.3.3 ||
                            ip_src == 5.5.5.5 ) &&
                            SLB_else_drop($police_mirror);
      class(<>) if SLB_else_drop($police_other);
   }
}
> Message: 2

- Jacob

> Date: Thu, 06 May 2004 16:16:04 +0200
> From: Simon Oosthoek <simon.oosthoek@ti-wmc.nl>
> Organization: WMC
> To: lartc@mailman.ds9a.nl
> Subject: [LARTC] tcng ingress policing question
> 
> Hi all
> 
> I started playing with tcng to generate my tc rules, but I have some 
> difficulty implementing my rules...
> 
> The script below generates an error:
> #  Device eth0
> 
> tc qdisc add dev eth0 ingress
> beginner.tc:2: don't know how to build meter for this
> 
> 
> The script is below, I changed the real IP numbers for XXs and YYs, 
> since it doesn't really matter what they are. eth0 is the external interface
> 
> The intention is to limit the rate in most cases to 1 Mbit/s, the linux 
> distr. mirror's may cause a bit more and within the ISP we're not 
> charged with higher rates than we agreed on.
> 
> Anyone know why tcc can't do this, or is it something I should be doing 
> in the egress part?
> (I'd prefer not to, since I have more than 2 interfaces...)
> 
> TIA
> 
> Simon
> 
> PS, the other interfaces don't have any queues, since this would be 
> handled by the ingress policing in this way.
> ==============================
> script:
> ==============================
> 
> dev eth0 {
>    ingress {
>       $police_isp = SLB( cbs 100kB, cir 50000 kbps );
>       $police_mirror = SLB( cbs 20kB, cir 2000 kbps );
>       $police_other = SLB( cbs 10kB, cir 1000 kbps );
> 
>       class(<>) if (ip_src == XXX.XXX.XXX.XXX || /* external host */
>                          ip_src == YYY.YYY.YYY.YYY ) && /* backup traffic */
>                          SLB_ok($police_isp);
>       class(<>) if ( ip_src == host("host.mirror.one") ||
>                             ip_src == host("host.mirror.two") ) &&
>                             SLB_ok($police_mirror);
>       class(<>) if SLB_ok($police_other);
>    }
> 
>    egress {
>       class(<$isp>) if ip_src == XXX.XXX.XXX.XXX /* external host */
>                       if ip_src == YYY.YYY.YYY.YYY; /* backup traffic */
>       class(<$other>) if 1;
> 
>       htb () {
>          class ( rate 100000 kbps ) {
> 
>                 $isp = class ( prio 2, rate 50000 kbps )
>                     { sfq ( perturb 5 sec ); };
> 
>                 $other = class ( prio 1, rate 1000 kbps )
>                     { sfq ( perturb 10 sec ); };
> 
>          }
>       }
>    }
> }
> 
> dev eth3 {
>    ingress {
>       $policer = SLB( cbs 10kB, cir 500 kbps );
>       class ( <> ) if SLB_ok( $policer );
>       drop if 1;
>    }
>    egress {
>    }
> }
> 
>