
I have an Ubuntu machine with two interfaces. eth1 is the NAT interface and eth2 is the WAN interface. I have a 4 mbps internet connection. I want to limit it to 2 mbps for the eth1 NAT network. So I use this tc rule:

tc qdisc add dev eth1 root tbf rate 2mbit burst 10kb latency 70ms peakrate 2.4mbit minburst 1540

Now, if I check the bandwidth that goes out of eth1 it is restricted to 250 KBps, which is good. But the bandwidth that comes in at eth2 is more than that: it will be in between 300 KBps to 400 KBps. If I check the status of the tc rule, it shows heavy packet drop. How can I restrict the incoming bandwidth at eth2 to 2 mbits and how can I prevent packet loss?

I tried the solution given in this answer. The line tc qdisc add dev eth2 ingress gave me a file exists error. The second approach in the answer showed the same behaviour I referred to here: more data (above 2mbit) getting in via eth2.

EDIT 1: What iptables and tc rules can I use to slow down SYN, ACK, FIN packets so as to make ISP routers aware of the congestion on my local network?

nixnotwin

2 Answers


Unless I am misunderstanding your goals, you cannot really restrict the rate at which packets come in to your network from your ISP unless you coordinate some form of QoS with your ISP to shape traffic at their routers. This typically requires a business-class connection and money. You are seeing packet drops because that is the only way to shape traffic - you drop it on the floor. So your TC rule is working as designed, but you cannot control what level of traffic gets sent to your WAN interface, as senders try to send it as fast as possible.

Now, you can sort of shape incoming TCP traffic by strategically dropping packets or messing with ACK packets to make senders think your network is more congested than it actually is. But that doesn't really help things for non-TCP traffic coming into your network.

rmalayter


You could do something like:

# root HTB qdisc on the LAN interface; "default 2" names a class that is never created, so unmatched traffic is sent unshaped
tc qdisc add dev eth1 root handle 1: htb default 2
# one class capped at 2.4 Mbit/s
tc class add dev eth1 parent 1: classid 1:1 htb rate 2.4mbit
# steer packets destined for the LAN subnet into class 1:1 (the filter must be attached to the same device as the qdisc, eth1 here)
tc filter add dev eth1 protocol ip parent 1:0 prio 1 u32 match ip dst 192.168.0.0/24 flowid 1:1

This would restrict traffic going out to the LAN (assuming eth1 is LAN) on the given subnet.

Linulin
Emmett
  • Please parse the above for us less gifted in reading the commands – vonbrand Mar 09 '13 at 00:41
  • @vonbrand When you see something like this in a post by a new user, it usually means that they don't understand how block formatting works here. It's not all on one line as they pasted it in. I've submitted an edit to address this. – Andrew B Mar 09 '13 at 00:45
  • 2
    @AndrewB, formatting would probably help, but a bit of explanation of the meaning would be wellcome. – vonbrand Mar 09 '13 at 00:58
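Putting both answers together, here is an added example (not code from either answer above) that shapes egress toward the LAN with HTB and polices ingress on the WAN side, where the kernel can only drop, not queue. It assumes eth1 is the LAN, eth2 is the WAN, the LAN subnet is 192.168.0.0/24, and it deletes any existing qdisc first so re-running it does not fail with "File exists"; set TC="echo tc" to print the commands instead of applying them.

```shell
#!/bin/sh
# Added example; assumptions: LAN on eth1, WAN on eth2, subnet 192.168.0.0/24.
# TC="echo tc" turns this into a dry run that only prints the commands.
TC="${TC:-tc}"

# Egress shaping toward the LAN: HTB root on the LAN device, one class at the
# target rate, and a filter on the SAME device steering the subnet into it.
# "default 1" sends unclassified packets to class 1:1 too, so nothing bypasses.
shape_lan_egress() {
    dev=$1; rate=$2; subnet=$3
    # Drop any existing root qdisc so a rerun does not fail with "File exists".
    $TC qdisc del dev "$dev" root 2>/dev/null || true
    $TC qdisc add dev "$dev" root handle 1: htb default 1
    $TC class add dev "$dev" parent 1: classid 1:1 htb rate "$rate" ceil "$rate"
    $TC filter add dev "$dev" protocol ip parent 1:0 prio 1 u32 \
        match ip dst "$subnet" flowid 1:1
}

# Ingress policing on the WAN device: inbound packets cannot be queued, so an
# ingress qdisc can only police, i.e. drop everything above the rate. TCP
# senders back off when their segments are dropped; UDP is simply discarded.
police_wan_ingress() {
    dev=$1; rate=$2; burst=$3
    # The ingress qdisc always has handle ffff:; delete it first to stay idempotent.
    $TC qdisc del dev "$dev" ingress 2>/dev/null || true
    $TC qdisc add dev "$dev" handle ffff: ingress
    $TC filter add dev "$dev" parent ffff: protocol ip prio 1 u32 \
        match u32 0 0 police rate "$rate" burst "$burst" drop flowid :1
}

# Per-class byte and drop counters, to confirm where packets are being lost.
show_stats() { $TC -s class show dev "$1"; }

if [ "${1:-}" = "apply" ]; then
    shape_lan_egress eth1 2mbit 192.168.0.0/24
    police_wan_ingress eth2 2mbit 10k
fi
```

Run it as `sh shaper.sh apply` as root to install the rules, or `TC="echo tc" sh shaper.sh apply` to review the exact tc invocations first.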