extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-19 17:28:35 +02:00
Code Issues Packages Projects Releases Wiki Activity

Document new IN-BANDWIDTH handling

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2011-10-18 05:53:31 -07:00
parent dbe936c7c9
commit 15915799b9
4 changed files with 115 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
manpages/shorewall-tcdevices.xml
View File

@ -123,7 +123,7 @@
<varlistentry>
<term><emphasis role="bold">IN-BANDWIDTH (in_bandwidth)</emphasis> -
<replaceable>bandwidth</replaceable>[:<replaceable>burst</replaceable>]</term>
{-|<replaceable>bandwidth</replaceable>[:<replaceable>burst</replaceable>]|~<replaceable>bandwidth</replaceable>[:<replaceable>interval</replaceable>:<replaceable>decay_interval</replaceable>]}</term>
<listitem>
<para>The incoming <emphasis>bandwidth</emphasis> of that interface.
@ -145,6 +145,21 @@
<replaceable>bandwidth</replaceable> more accurate; often for fast
lines, the enforced rate is well below the specified
<replaceable>bandwidth</replaceable>.</para>
<para>What is described above creates a rate/burst policing filter.
Beginning with Shorewall 4.4.25, a rate-estimated policing filter
may be configured instead. Rate-estimated filters should be used
with ethernet adapters that have Generic Receive Offload enabled by
default. See <ulink
url="http://www.shorewall.net/FAQ.htm#faq97a">Shorewall FAQ
97a</ulink>.</para>
<para>To create a rate-estimated filter, precede the bandwidth with
a tilde ("~"). The optional interval and decay_interval determine
how often the rate is estimated and how many samples are retained
for estimating. Please see <ulink
url="http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt">http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt</ulink>
for details.</para>
</listitem>
</varlistentry>
@ -231,6 +246,9 @@
<para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para><ulink
url="http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt">http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt</ulink></para>
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5),

59
manpages/shorewall-tcinterfaces.xml
View File

@ -141,32 +141,44 @@
</varlistentry>
<varlistentry>
<term>IN-BANDWIDTH (in_bandwidth) -
[<replaceable>rate</replaceable>[:<replaceable>burst</replaceable>]]</term>
<term><emphasis role="bold">IN-BANDWIDTH (in_bandwidth)</emphasis> -
{-|<replaceable>bandwidth</replaceable>[:<replaceable>burst</replaceable>]|~<replaceable>bandwidth</replaceable>[:<replaceable>interval</replaceable>:<replaceable>decay_interval</replaceable>]}</term>
<listitem>
<para>Optional. If specified, enables ingress policing on the
interface. If incoming traffic exceeds the given
<replaceable>rate</replaceable>, received packets are dropped
randomly. With some DSL and Cable links, large queues can build up
in the ISP's gateway router. While this insures maximum throughput,
it kills interactive response time. By setting IN-BANDWIDTH, you can
eliminate these queues.</para>
<para>The incoming <emphasis>bandwidth</emphasis> of that interface.
Please note that you are not able to do traffic shaping on incoming
traffic, as the traffic is already received before you could do so.
But this allows you to define the maximum traffic allowed for this
interface in total, if the rate is exceeded, the packets are
dropped. You want this mainly if you have a DSL or Cable connection
to avoid queuing at your providers side.</para>
<para>To pick an appropriate setting, we recommend that you start by
setting it significantly below your measured download bandwidth (20%
or so). While downloading, measure the ping response time from the
firewall to the upstream router as you gradually increase the
setting.The optimal setting is at the point beyond which the ping
time increases sharply as you increase the setting.</para>
<para>If you don't want any traffic to be dropped, set this to a
value to zero in which case Shorewall will not create an ingress
qdisc.Must be set to zero if the REDIRECTED INTERFACES column is
non-empty.</para>
<para>The <replaceable>burst</replaceable> option was added in
Shorewall 4.4.13. If not supplied, 10kb is assumed. A larger
<replaceable>burst</replaceable> size can help make the
<replaceable>rate</replaceable> estimate more accurate on fast
lines. The default <replaceable>burst</replaceable> often make the
enforced rate mush less that the specified
<replaceable>rate</replaceable>.</para>
<para>The optional burst option was added in Shorewall 4.4.18. The
default <replaceable>burst</replaceable> is 10kb. A larger
<replaceable>burst</replaceable> can help make the
<replaceable>bandwidth</replaceable> more accurate; often for fast
lines, the enforced rate is well below the specified
<replaceable>bandwidth</replaceable>.</para>
<para>What is described above creates a rate/burst policing filter.
Beginning with Shorewall 4.4.25, a rate-estimated policing filter
may be configured instead. Rate-estimated filters should be used
with ethernet adapters that have Generic Receive Offload enabled by
default. See <ulink
url="http://www.shorewall.net/FAQ.htm#faq97a">Shorewall FAQ
97a</ulink>.</para>
<para>To create a rate-estimated filter, precede the bandwidth with
a tilde ("~"). The optional interval and decay_interval determine
how often the rate is estimated and how many samples are retained
for estimating. Please see <ulink
url="http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt">http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt</ulink>
for details.</para>
</listitem>
</varlistentry>
@ -204,6 +216,9 @@
<para><ulink
url="http://ace-host.stuart.id.au/russell/files/tc/doc/sch_tbf.txt">http://ace-host.stuart.id.au/russell/files/tc/doc/sch_tbf.txt</ulink></para>
<para><ulink
url="http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt">http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt</ulink></para>
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5),

27
manpages6/shorewall6-tcdevices.xml
View File

@ -123,9 +123,8 @@
</varlistentry>
<varlistentry>
<term><emphasis role="bold">IN-BANDWIDTH</emphasis> (in_bandwidth) -
<emphasis
role="bold"><replaceable>bandwidth</replaceable>[:<replaceable>burst</replaceable>]</emphasis></term>
<term><emphasis role="bold">IN-BANDWIDTH (in_bandwidth)</emphasis> -
{-|<replaceable>bandwidth</replaceable>[:<replaceable>burst</replaceable>]|~<replaceable>bandwidth</replaceable>[:<replaceable>interval</replaceable>:<replaceable>decay_interval</replaceable>]}</term>
<listitem>
<para>The incoming <emphasis>bandwidth</emphasis> of that interface.
@ -137,16 +136,31 @@
to avoid queuing at your providers side.</para>
<para>If you don't want any traffic to be dropped, set this to a
value to zero in which case Shorewall6 will not create an ingress
value to zero in which case Shorewall will not create an ingress
qdisc.Must be set to zero if the REDIRECTED INTERFACES column is
non-empty.</para>
<para>The optional burst option was added in Shorewall6 4.4.18. The
<para>The optional burst option was added in Shorewall 4.4.18. The
default <replaceable>burst</replaceable> is 10kb. A larger
<replaceable>burst</replaceable> can help make the
<replaceable>bandwidth</replaceable> more accurate; often for fast
lines, the enforced rate is well below the specified
<replaceable>bandwidth</replaceable>.</para>
<para>What is described above creates a rate/burst policing filter.
Beginning with Shorewall 4.4.25, a rate-estimated policing filter
may be configured instead. Rate-estimated filters should be used
with ethernet adapters that have Generic Receive Offload enabled by
default. See <ulink
url="http://www.shorewall.net/FAQ.htm#faq97a">Shorewall FAQ
97a</ulink>.</para>
<para>To create a rate-estimated filter, precede the bandwidth with
a tilde ("~"). The optional interval and decay_interval determine
how often the rate is estimated and how many samples are retained
for estimating. Please see <ulink
url="http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt">http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt</ulink>
for details.</para>
</listitem>
</varlistentry>
@ -231,6 +245,9 @@
<para><ulink
url="http://shorewall.net/traffic_shaping.htm">http://shorewall.net/traffic_shaping.htm</ulink></para>
<para><ulink
url="http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt">http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt</ulink></para>
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5),

59
manpages6/shorewall6-tcinterfaces.xml
View File

@ -141,32 +141,44 @@
</varlistentry>
<varlistentry>
<term>IN-BANDWIDTH (in_bandwidth) -
[<replaceable>rate</replaceable>[:<replaceable>burst</replaceable>]]</term>
<term><emphasis role="bold">IN-BANDWIDTH (in_bandwidth)</emphasis> -
{-|<replaceable>bandwidth</replaceable>[:<replaceable>burst</replaceable>]|~<replaceable>bandwidth</replaceable>[:<replaceable>interval</replaceable>:<replaceable>decay_interval</replaceable>]}</term>
<listitem>
<para>Optional. If specified, enables ingress policing on the
interface. If incoming traffic exceeds the given
<replaceable>rate</replaceable>, received packets are dropped
randomly. With some DSL and Cable links, large queues can build up
in the ISP's gateway router. While this insures maximum throughput,
it kills interactive response time. By setting IN-BANDWIDTH, you can
eliminate these queues.</para>
<para>The incoming <emphasis>bandwidth</emphasis> of that interface.
Please note that you are not able to do traffic shaping on incoming
traffic, as the traffic is already received before you could do so.
But this allows you to define the maximum traffic allowed for this
interface in total, if the rate is exceeded, the packets are
dropped. You want this mainly if you have a DSL or Cable connection
to avoid queuing at your providers side.</para>
<para>To pick an appropriate setting, we recommend that you start by
setting it significantly below your measured download bandwidth (20%
or so). While downloading, measure the ping response time from the
firewall to the upstream router as you gradually increase the
setting.The optimal setting is at the point beyond which the ping
time increases sharply as you increase the setting.</para>
<para>If you don't want any traffic to be dropped, set this to a
value to zero in which case Shorewall will not create an ingress
qdisc.Must be set to zero if the REDIRECTED INTERFACES column is
non-empty.</para>
<para>The <replaceable>burst</replaceable> option was added in
Shorewall 4.4.13. If not supplied, 10kb is assumed. A larger
<replaceable>burst</replaceable> size can help make the
<replaceable>rate</replaceable> estimate more accurate on fast
lines. The default <replaceable>burst</replaceable> often make the
enforced rate mush less that the specified
<replaceable>rate</replaceable>.</para>
<para>The optional burst option was added in Shorewall 4.4.18. The
default <replaceable>burst</replaceable> is 10kb. A larger
<replaceable>burst</replaceable> can help make the
<replaceable>bandwidth</replaceable> more accurate; often for fast
lines, the enforced rate is well below the specified
<replaceable>bandwidth</replaceable>.</para>
<para>What is described above creates a rate/burst policing filter.
Beginning with Shorewall 4.4.25, a rate-estimated policing filter
may be configured instead. Rate-estimated filters should be used
with ethernet adapters that have Generic Receive Offload enabled by
default. See <ulink
url="http://www.shorewall.net/FAQ.htm#faq97a">Shorewall FAQ
97a</ulink>.</para>
<para>To create a rate-estimated filter, precede the bandwidth with
a tilde ("~"). The optional interval and decay_interval determine
how often the rate is estimated and how many samples are retained
for estimating. Please see <ulink
url="http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt">http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt</ulink>
for details.</para>
</listitem>
</varlistentry>
@ -204,6 +216,9 @@
<para><ulink
url="http://ace-host.stuart.id.au/russell/files/tc/doc/sch_tbf.txt">http://ace-host.stuart.id.au/russell/files/tc/doc/sch_tbf.txt</ulink></para>
<para><ulink
url="http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt">http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt</ulink></para>
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-maclist(5),
shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),