http://m.getsatisfaction.com/topics/7735046 Bandwith control by Netfilter ACL 2018-05-16T05:47:19Z 2018-05-14T08:58:28Z 7735046 http://m.getsatisfaction.com/topics/7735046 7735046 Bandwith control by Netfilter ACL 2018-05-16T05:47:19Z 2018-05-14T08:58:28Z machiasiaweb http://m.getsatisfaction.com/people/8646794 https://www.gravatar.com/avatar/51df74a2557ebb6b4a64ccd9185e885b?d=identicon&s=55&r=PG machiasiaweb_machi_ma Hello,<br /><br />I am working on how to limit the bandwidth from ACL.&nbsp; <br /><br />However, there are some problem there.<br /><br />Example, I need to limit the bandwidth for port swp34 with 20Mbit/s<br /><br />Then I apply following acl rule<br /><br />[iptables]<br />-A FORWARD -i swp34 -j POLICE --set-mode KB --set-rate 2500 --set-burst 1<br />-A FORWARD -o swp34 -j POLICE --set-mode KB --set-rate 2500 --set-burst 1<br /><br />But when I do iperf test.&nbsp; The result looks like already limited to 1Mbps<br />----<br />[ ID] Interval&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Transfer&nbsp;&nbsp;&nbsp;&nbsp; Bandwidth&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Retr<br />[&nbsp; 4]&nbsp;&nbsp; 0.00-10.00&nbsp; sec&nbsp; 1.20 MBytes&nbsp; 1.00 Mbits/sec&nbsp; 551&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; sender<br />[&nbsp; 4]&nbsp;&nbsp; 0.00-10.00&nbsp; sec&nbsp; 1.07 MBytes&nbsp;&nbsp; 901 Kbits/sec&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; receiver<br />----<br /><br />Could you please advise how should set config correctly?<br /><br />Thanks! question 4 4 1 comment http://m.getsatisfaction.com/topics/7735046/replies/19520875 http://m.getsatisfaction.com/topics/7735046 19520875 Jakub Bitenc responded to "Bandwith control by Netfilter ACL" 2018-05-14T12:29:33Z 2018-05-14T12:29:33Z Jakub Bitenc http://m.getsatisfaction.com/people/9266691 https://www.gravatar.com/avatar/f37a48ddafcf5c3aef641c8ae0021842?d=identicon&s=55&r=PG jakub_bitenc Could it be because of testing method?<br /><br />-b, --bandwidth n[KM]<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; set target bandwidth to n bits/sec (<b>default 1 Mbit/sec for UDP</b>, unlimited for TCP). 0 http://m.getsatisfaction.com/topics/7735046/replies/19521260 http://m.getsatisfaction.com/topics/7735046 19521260 Jason Guy responded to "Bandwith control by Netfilter ACL" 2018-05-14T14:57:01Z 2018-05-14T14:57:01Z Jason Guy http://m.getsatisfaction.com/people/7610836 https://d2r1vs3d9006ap.cloudfront.net/public/uploaded_images/10572443/photo_medium.jpg jason_guy Assuming the host running iPerf is connected to swp34? Generally the problem with iPerf is it is bound by the CPU power. I personally don't think iPerf (v2) is worth using. I would recommend iPerf3 or nuttcp, and use the options to optimize the host resources. Check out our <a href="https://support.cumulusnetworks.com/hc/en-us/articles/216509388-Throughput-Testing-and-Troubleshooting#optimizations" rel="nofollow" target="_blank">KB</a> on this (which I need to update with some new tricks). Give this a try for a 1 minute test:<br /><pre>Server:&nbsp;iperf3 -s</pre><pre>Client:&nbsp;iperf3 -t60 -i5 -Z -c &lt;remotehost&gt;</pre> 0 http://m.getsatisfaction.com/topics/7735046/replies/19521287 http://m.getsatisfaction.com/topics/7735046 19521287 Anton Lopatin responded to "Bandwith control by Netfilter ACL" 2018-05-14T15:03:52Z 2018-05-14T15:03:52Z Anton Lopatin http://m.getsatisfaction.com/people/9447017 https://www.gravatar.com/avatar/b4bf1e72209e603e7284e1f52ee215a1?d=identicon&s=55&r=PG anton_lopatin Hi!<br /><br />What is the delay between two hosts? Maybe problem in big delay and small default TCP window. To use custom TCP window set "-w " parameter to 2M - it will be enough in all cases. 0 http://m.getsatisfaction.com/topics/7735046/replies/19525338 http://m.getsatisfaction.com/topics/7735046 19525338 machiasiaweb responded to "Bandwith control by Netfilter ACL" 2018-05-16T05:47:19Z 2018-05-16T05:47:19Z machiasiaweb http://m.getsatisfaction.com/people/8646794 https://www.gravatar.com/avatar/51df74a2557ebb6b4a64ccd9185e885b?d=identicon&s=55&r=PG machiasiaweb_machi_ma Hello,<br /><br />Thanks for all suggestion.<br /><br />I am using iperf3 during the test and both testing host is connected into same switch, so I think it is not affected by other switch issue.<br /><br />I have tested again with following parameters at sender side<br /><pre>&nbsp;iperf3 -c 192&#46;168&#46;88&#46;18 -i 5 -t60 -w2M -Z</pre>This time result is below:<br /><br />- - - - - - - - - - - - - - - - - - - - - - - - -<br />[ ID] Interval&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Transfer&nbsp;&nbsp;&nbsp;&nbsp; Bandwidth&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Retr<br />[&nbsp; 5]&nbsp;&nbsp; 0.00-60.04&nbsp; sec&nbsp; 13.0 MBytes&nbsp; 1.82 Mbits/sec&nbsp; 6190&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; sender<br />[&nbsp; 5]&nbsp;&nbsp; 0.00-60.04&nbsp; sec&nbsp; 12.7 MBytes&nbsp; 1.78 Mbits/sec&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; receiver<br />----------------------------------------------<br /><br />But it still did not reach to 20Mbp/s .&nbsp; Does my setup is wrong?<br /><br />--<br />[iptables]<br />-A FORWARD -i swp34 -j POLICE --set-mode KB --set-rate 2500 --set-burst 1<br />-A FORWARD -o swp34 -j POLICE --set-mode KB --set-rate 2500 --set-burst 1<br />---<br /><br />Please advise.<br /><br />Thanks! 0