mirror of
https://gitlab.com/shorewall/code.git
synced 2025-06-19 17:28:35 +02:00
Document new IN-BANDWIDTH handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
dbe936c7c9
commit
15915799b9
@ -123,7 +123,7 @@
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">IN-BANDWIDTH (in_bandwidth)</emphasis> -
|
||||
<replaceable>bandwidth</replaceable>[:<replaceable>burst</replaceable>]</term>
|
||||
{-|<replaceable>bandwidth</replaceable>[:<replaceable>burst</replaceable>]|~<replaceable>bandwidth</replaceable>[:<replaceable>interval</replaceable>:<replaceable>decay_interval</replaceable>]}</term>
|
||||
|
||||
<listitem>
|
||||
<para>The incoming <emphasis>bandwidth</emphasis> of that interface.
|
||||
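Review bot: The rewritten `<term>` synopsis introduces a `-` alternative (`{-|bandwidth[:burst]|~bandwidth[...]}`), but none of the `<listitem>` paragraphs shown for this entry say what `-` means. Add a sentence to the description stating what `-` selects (for example, whether it is the same as leaving ingress policing off), so the synopsis and the body agree.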
@ -145,6 +145,21 @@
|
||||
<replaceable>bandwidth</replaceable> more accurate; often for fast
|
||||
lines, the enforced rate is well below the specified
|
||||
<replaceable>bandwidth</replaceable>.</para>
|
||||
|
||||
<para>What is described above creates a rate/burst policing filter.
|
||||
Beginning with Shorewall 4.4.25, a rate-estimated policing filter
|
||||
may be configured instead. Rate-estimated filters should be used
|
||||
with ethernet adapters that have Generic Receive Offload enabled by
|
||||
default. See <ulink
|
||||
url="http://www.shorewall.net/FAQ.htm#faq97a">Shorewall FAQ
|
||||
97a</ulink>.</para>
|
||||
|
||||
<para>To create a rate-estimated filter, precede the bandwidth with
|
||||
a tilde ("~"). The optional interval and decay_interval determine
|
||||
how often the rate is estimated and how many samples are retained
|
||||
for estimating. Please see <ulink
|
||||
url="http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt">http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt</ulink>
|
||||
for details.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
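Review bot: The added paragraph on the tilde form calls interval and decay_interval optional but gives neither their units nor the values used when they are omitted, and defers entirely to the external estimators.txt link. Suggest stating the defaults and units in this paragraph, and wrapping both names in `<replaceable>` as the `<term>` line does, since here they appear as plain text.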
@ -231,6 +246,9 @@
|
||||
<para><ulink
|
||||
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
|
||||
|
||||
<para><ulink
|
||||
url="http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt">http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt</ulink></para>
|
||||
|
||||
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
|
||||
shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
|
||||
shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5),
|
||||
|
@ -141,32 +141,44 @@
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>IN-BANDWIDTH (in_bandwidth) -
|
||||
[<replaceable>rate</replaceable>[:<replaceable>burst</replaceable>]]</term>
|
||||
<term><emphasis role="bold">IN-BANDWIDTH (in_bandwidth)</emphasis> -
|
||||
{-|<replaceable>bandwidth</replaceable>[:<replaceable>burst</replaceable>]|~<replaceable>bandwidth</replaceable>[:<replaceable>interval</replaceable>:<replaceable>decay_interval</replaceable>]}</term>
|
||||
|
||||
<listitem>
|
||||
<para>Optional. If specified, enables ingress policing on the
|
||||
interface. If incoming traffic exceeds the given
|
||||
<replaceable>rate</replaceable>, received packets are dropped
|
||||
randomly. With some DSL and Cable links, large queues can build up
|
||||
in the ISP's gateway router. While this insures maximum throughput,
|
||||
it kills interactive response time. By setting IN-BANDWIDTH, you can
|
||||
eliminate these queues.</para>
|
||||
<para>The incoming <emphasis>bandwidth</emphasis> of that interface.
|
||||
Please note that you are not able to do traffic shaping on incoming
|
||||
traffic, as the traffic is already received before you could do so.
|
||||
But this allows you to define the maximum traffic allowed for this
|
||||
interface in total, if the rate is exceeded, the packets are
|
||||
dropped. You want this mainly if you have a DSL or Cable connection
|
||||
to avoid queuing at your providers side.</para>
|
||||
|
||||
<para>To pick an appropriate setting, we recommend that you start by
|
||||
setting it significantly below your measured download bandwidth (20%
|
||||
or so). While downloading, measure the ping response time from the
|
||||
firewall to the upstream router as you gradually increase the
|
||||
setting.The optimal setting is at the point beyond which the ping
|
||||
time increases sharply as you increase the setting.</para>
|
||||
<para>If you don't want any traffic to be dropped, set this to a
|
||||
value to zero in which case Shorewall will not create an ingress
|
||||
qdisc.Must be set to zero if the REDIRECTED INTERFACES column is
|
||||
non-empty.</para>
|
||||
|
||||
<para>The <replaceable>burst</replaceable> option was added in
|
||||
Shorewall 4.4.13. If not supplied, 10kb is assumed. A larger
|
||||
<replaceable>burst</replaceable> size can help make the
|
||||
<replaceable>rate</replaceable> estimate more accurate on fast
|
||||
lines. The default <replaceable>burst</replaceable> often make the
|
||||
enforced rate mush less that the specified
|
||||
<replaceable>rate</replaceable>.</para>
|
||||
<para>The optional burst option was added in Shorewall 4.4.18. The
|
||||
default <replaceable>burst</replaceable> is 10kb. A larger
|
||||
<replaceable>burst</replaceable> can help make the
|
||||
<replaceable>bandwidth</replaceable> more accurate; often for fast
|
||||
lines, the enforced rate is well below the specified
|
||||
<replaceable>bandwidth</replaceable>.</para>
|
||||
|
||||
<para>What is described above creates a rate/burst policing filter.
|
||||
Beginning with Shorewall 4.4.25, a rate-estimated policing filter
|
||||
may be configured instead. Rate-estimated filters should be used
|
||||
with ethernet adapters that have Generic Receive Offload enabled by
|
||||
default. See <ulink
|
||||
url="http://www.shorewall.net/FAQ.htm#faq97a">Shorewall FAQ
|
||||
97a</ulink>.</para>
|
||||
|
||||
<para>To create a rate-estimated filter, precede the bandwidth with
|
||||
a tilde ("~"). The optional interval and decay_interval determine
|
||||
how often the rate is estimated and how many samples are retained
|
||||
for estimating. Please see <ulink
|
||||
url="http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt">http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt</ulink>
|
||||
for details.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
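Review bot: The burst paragraph now reads "was added in Shorewall 4.4.18", while the paragraph it replaces in this same hunk said "Shorewall 4.4.13"; please confirm which release is correct, because readers use these markers to decide whether the option is available to them. While this entry is being rewritten, the neighbouring paragraph still has "set this to a value to zero" and "qdisc.Must" (missing space), and the new text has "your providers side"; all three are worth fixing in the same change.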
@ -204,6 +216,9 @@
|
||||
<para><ulink
|
||||
url="http://ace-host.stuart.id.au/russell/files/tc/doc/sch_tbf.txt">http://ace-host.stuart.id.au/russell/files/tc/doc/sch_tbf.txt</ulink></para>
|
||||
|
||||
<para><ulink
|
||||
url="http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt">http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt</ulink></para>
|
||||
|
||||
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
|
||||
shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
|
||||
shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5),
|
||||
|
@ -123,9 +123,8 @@
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">IN-BANDWIDTH</emphasis> (in_bandwidth) -
|
||||
<emphasis
|
||||
role="bold"><replaceable>bandwidth</replaceable>[:<replaceable>burst</replaceable>]</emphasis></term>
|
||||
<term><emphasis role="bold">IN-BANDWIDTH (in_bandwidth)</emphasis> -
|
||||
{-|<replaceable>bandwidth</replaceable>[:<replaceable>burst</replaceable>]|~<replaceable>bandwidth</replaceable>[:<replaceable>interval</replaceable>:<replaceable>decay_interval</replaceable>]}</term>
|
||||
|
||||
<listitem>
|
||||
<para>The incoming <emphasis>bandwidth</emphasis> of that interface.
|
||||
@ -137,16 +136,31 @@
|
||||
to avoid queuing at your providers side.</para>
|
||||
|
||||
<para>If you don't want any traffic to be dropped, set this to a
|
||||
value to zero in which case Shorewall6 will not create an ingress
|
||||
value to zero in which case Shorewall will not create an ingress
|
||||
qdisc.Must be set to zero if the REDIRECTED INTERFACES column is
|
||||
non-empty.</para>
|
||||
|
||||
<para>The optional burst option was added in Shorewall6 4.4.18. The
|
||||
<para>The optional burst option was added in Shorewall 4.4.18. The
|
||||
default <replaceable>burst</replaceable> is 10kb. A larger
|
||||
<replaceable>burst</replaceable> can help make the
|
||||
<replaceable>bandwidth</replaceable> more accurate; often for fast
|
||||
lines, the enforced rate is well below the specified
|
||||
<replaceable>bandwidth</replaceable>.</para>
|
||||
|
||||
<para>What is described above creates a rate/burst policing filter.
|
||||
Beginning with Shorewall 4.4.25, a rate-estimated policing filter
|
||||
may be configured instead. Rate-estimated filters should be used
|
||||
with ethernet adapters that have Generic Receive Offload enabled by
|
||||
default. See <ulink
|
||||
url="http://www.shorewall.net/FAQ.htm#faq97a">Shorewall FAQ
|
||||
97a</ulink>.</para>
|
||||
|
||||
<para>To create a rate-estimated filter, precede the bandwidth with
|
||||
a tilde ("~"). The optional interval and decay_interval determine
|
||||
how often the rate is estimated and how many samples are retained
|
||||
for estimating. Please see <ulink
|
||||
url="http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt">http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt</ulink>
|
||||
for details.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
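Review bot: In the "will not create an ingress qdisc" line and the "optional burst option was added in" line, "Shorewall6" becomes "Shorewall", yet the See Also hunk that follows lists shorewall6(8) pages, so this looks like text carried over from the IPv4 manpage. If the rename is deliberate, mention it in the commit message, which currently only describes the IN-BANDWIDTH change; otherwise keep "Shorewall6" here.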
@ -231,6 +245,9 @@
|
||||
<para><ulink
|
||||
url="http://shorewall.net/traffic_shaping.htm">http://shorewall.net/traffic_shaping.htm</ulink></para>
|
||||
|
||||
<para><ulink
|
||||
url="http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt">http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt</ulink></para>
|
||||
|
||||
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
|
||||
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
|
||||
shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5),
|
||||
|
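Review bot: The context line directly after the added estimators.txt `<ulink>` reads "shoewall6-netmap(5),shorewall6-params(5)": "shoewall6" is misspelled and the space after the comma is missing. Since this See Also block is being edited anyway, fix both in the same change.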
@ -141,32 +141,44 @@
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>IN-BANDWIDTH (in_bandwidth) -
|
||||
[<replaceable>rate</replaceable>[:<replaceable>burst</replaceable>]]</term>
|
||||
<term><emphasis role="bold">IN-BANDWIDTH (in_bandwidth)</emphasis> -
|
||||
{-|<replaceable>bandwidth</replaceable>[:<replaceable>burst</replaceable>]|~<replaceable>bandwidth</replaceable>[:<replaceable>interval</replaceable>:<replaceable>decay_interval</replaceable>]}</term>
|
||||
|
||||
<listitem>
|
||||
<para>Optional. If specified, enables ingress policing on the
|
||||
interface. If incoming traffic exceeds the given
|
||||
<replaceable>rate</replaceable>, received packets are dropped
|
||||
randomly. With some DSL and Cable links, large queues can build up
|
||||
in the ISP's gateway router. While this insures maximum throughput,
|
||||
it kills interactive response time. By setting IN-BANDWIDTH, you can
|
||||
eliminate these queues.</para>
|
||||
<para>The incoming <emphasis>bandwidth</emphasis> of that interface.
|
||||
Please note that you are not able to do traffic shaping on incoming
|
||||
traffic, as the traffic is already received before you could do so.
|
||||
But this allows you to define the maximum traffic allowed for this
|
||||
interface in total, if the rate is exceeded, the packets are
|
||||
dropped. You want this mainly if you have a DSL or Cable connection
|
||||
to avoid queuing at your providers side.</para>
|
||||
|
||||
<para>To pick an appropriate setting, we recommend that you start by
|
||||
setting it significantly below your measured download bandwidth (20%
|
||||
or so). While downloading, measure the ping response time from the
|
||||
firewall to the upstream router as you gradually increase the
|
||||
setting.The optimal setting is at the point beyond which the ping
|
||||
time increases sharply as you increase the setting.</para>
|
||||
<para>If you don't want any traffic to be dropped, set this to a
|
||||
value to zero in which case Shorewall will not create an ingress
|
||||
qdisc.Must be set to zero if the REDIRECTED INTERFACES column is
|
||||
non-empty.</para>
|
||||
|
||||
<para>The <replaceable>burst</replaceable> option was added in
|
||||
Shorewall 4.4.13. If not supplied, 10kb is assumed. A larger
|
||||
<replaceable>burst</replaceable> size can help make the
|
||||
<replaceable>rate</replaceable> estimate more accurate on fast
|
||||
lines. The default <replaceable>burst</replaceable> often make the
|
||||
enforced rate mush less that the specified
|
||||
<replaceable>rate</replaceable>.</para>
|
||||
<para>The optional burst option was added in Shorewall 4.4.18. The
|
||||
default <replaceable>burst</replaceable> is 10kb. A larger
|
||||
<replaceable>burst</replaceable> can help make the
|
||||
<replaceable>bandwidth</replaceable> more accurate; often for fast
|
||||
lines, the enforced rate is well below the specified
|
||||
<replaceable>bandwidth</replaceable>.</para>
|
||||
|
||||
<para>What is described above creates a rate/burst policing filter.
|
||||
Beginning with Shorewall 4.4.25, a rate-estimated policing filter
|
||||
may be configured instead. Rate-estimated filters should be used
|
||||
with ethernet adapters that have Generic Receive Offload enabled by
|
||||
default. See <ulink
|
||||
url="http://www.shorewall.net/FAQ.htm#faq97a">Shorewall FAQ
|
||||
97a</ulink>.</para>
|
||||
|
||||
<para>To create a rate-estimated filter, precede the bandwidth with
|
||||
a tilde ("~"). The optional interval and decay_interval determine
|
||||
how often the rate is estimated and how many samples are retained
|
||||
for estimating. Please see <ulink
|
||||
url="http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt">http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt</ulink>
|
||||
for details.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
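Review bot: The paragraph beginning "To pick an appropriate setting, we recommend that you start by setting it significantly below your measured download bandwidth" has no counterpart in the replacement text, so the only guidance on how to choose a value (raise the setting while watching ping time to the upstream router) is lost. The statement that excess packets "are dropped randomly" is likewise reduced to "the packets are dropped". Suggest keeping the tuning paragraph, adjusted to the new "bandwidth" wording, alongside the new rate-estimated filter text.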
@ -204,6 +216,9 @@
|
||||
<para><ulink
|
||||
url="http://ace-host.stuart.id.au/russell/files/tc/doc/sch_tbf.txt">http://ace-host.stuart.id.au/russell/files/tc/doc/sch_tbf.txt</ulink></para>
|
||||
|
||||
<para><ulink
|
||||
url="http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt">http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt</ulink></para>
|
||||
|
||||
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
|
||||
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-maclist(5),
|
||||
shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
|
||||
|