
Re: Traffic shaping in two directions on bridge

Bruno Afonso wrote:

Per-Olov Sjöholm wrote:

Bruno Afonso said:

Henning Brauer wrote:

This means that over 90% of all
bridge examples I have seen on the net where queueing takes place in two
directions are wrong.

that may be the case.

You can simply queue on the outgoing of the INTERNAL interface to limit
download bandwidth. That's why normally people queue on both interfaces.

Why queue on both interfaces if you want to limit only the download? Maybe
tag the packets on the Internet interface but use altq on the lan.
Isn't that one of the basics to queue on the interface where the packet
leaves the firewall? Did you mix up tagging and the queuing itself? Or did
I miss something here? Then somebody can be nice to correct me...

How can you limit the download if you can only limit on the outgoing of an interface? You CANNOT limit what the ISP sends you. So, you can only limit what you send to the internal network on the internal interface outgoing traffic.

You can use tagging or whatever techniques you fancy but you will need to use altq on the lan interface. This is what I said. Tagging is extremely useful for NAT setups, for example.

I am not doing anything against the basics here. I am using altq when the packet leaves the firewall, when it leaves the internal interface of the firewall. Why do you assume when it leaves the firewall it must leave into the internet?

Well, you could always time the ACKs that you send. So if you assign X bps on the outside interface to IP0, and you get a lot of packets, they will choke the bandwidth allocation and your ACKs will be delayed, so the other side will back off until it gets comfortable with the ACK rate. So you can actually allocate bandwidth on the OUTSIDE interface.