[prev in list] [next in list] [prev in thread] [next in thread] 

List:       lartc
Subject:    [LARTC] police rate doesn't work ?
From:       "Vitale Alessandro" <Alessandro.Vitale () elsag ! it>
Date:       2006-06-30 10:46:23
Message-ID: C103D39FF74DF4469EEAE6D38AA9E0B54A280D () els00wmx04 ! elsag ! it
[Download RAW message or body]


I would like to test police in ingress.
I use kernel 2.4.20.
I use this configuration:

iptables -t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport \
1001 -j MARK --set-mark 1 iptables -t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d \
10.31.11.2 -p udp --dport 1002 -j MARK --set-mark 2 iptables -t mangle -A PREROUTING \
-i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport 1003 -j MARK --set-mark 3 iptables \
-t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport 1004 -j \
MARK --set-mark 4

tc qdisc add dev eth0 handle ffff: ingress
tc filter add dev eth0 parent ffff: protocol ip prio 1 handle 1 fw police rate \
2500000 burst 90k drop tc filter add dev eth0 parent ffff: protocol ip prio 1 handle \
2 fw police rate 1500000 burst 90k drop tc filter add dev eth0 parent ffff: protocol \
ip prio 1 handle 3 fw police rate 1000000 burst 90k drop


I generate traffic with smartbits and i made this test:
1)len packet layer2 64 byte, packets per second 5500 = 2810000 bit per second
2)len packet layer2 1000 byte, packets per second 350 = 2800000 bit per second

The 2 test is good i receive a trafiic with 2500000 rate limit !
The problem is with 1 test because i received full band 2810000 without any limit!

Is there any problem with police rate? It doesn't work  with small packets?
I've to set some other usefull parameter?

Please help me ! 

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc


[prev in list] [next in list] [prev in thread] [next in thread]