Bandwidth control by Netfilter ACL


Userlevel 1
Hello,

I am working on how to limit the bandwidth from ACL.

However, there are some problems there.

For example, I need to limit the bandwidth for port swp34 to 20Mbit/s.

Then I apply the following ACL rule:

[iptables]
-A FORWARD -i swp34 -j POLICE --set-mode KB --set-rate 2500 --set-burst 1
-A FORWARD -o swp34 -j POLICE --set-mode KB --set-rate 2500 --set-burst 1

But when I do an iperf test, the result looks like it is already limited to 1Mbps:
----
[ ID] Interval Transfer Bandwidth Retr
[ 4] 0.00-10.00 sec 1.20 MBytes 1.00 Mbits/sec 551 sender
[ 4] 0.00-10.00 sec 1.07 MBytes 901 Kbits/sec receiver
----

Could you please advise how I should set the config correctly?

Thanks!

4 replies

Could it be because of the testing method?

-b, --bandwidth n[km]
set target bandwidth to n bits/sec (default 1 Mbit/sec for UDP, unlimited for TCP).

Userlevel 3
Assuming the host running iPerf is connected to swp34? Generally the problem with iPerf is it is bound by the CPU power. I personally don't think iPerf (v2) is worth using. I would recommend iPerf3 or nuttcp, and use the options to optimize the host resources. Check out our KB on this (which I need to update with some new tricks). Give this a try for a 1 minute test:
Server: iperf3 -s
Client: iperf3 -t60 -i5 -Z -c 
Hi!

What is the delay between the two hosts? Maybe the problem is a big delay and a small default TCP window. To use a custom TCP window, set the "-w " parameter to 2M - it will be enough in all cases.
Userlevel 1
Hello,

Thanks for all the suggestions.

I am using iperf3 during the test and both testing hosts are connected to the same switch, so I think it is not affected by other switch issues.

I have tested again with the following parameters at the sender side:
 iperf3 -c 192.168.88.18 -i 5 -t60 -w2M -Z
This time the result is below:

- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth Retr
[ 5] 0.00-60.04 sec 13.0 MBytes 1.82 Mbits/sec 6190 sender
[ 5] 0.00-60.04 sec 12.7 MBytes 1.78 Mbits/sec receiver
----------------------------------------------

But it still did not reach 20Mbps. Is my setup wrong?

--
[iptables]
-A FORWARD -i swp34 -j POLICE --set-mode KB --set-rate 2500 --set-burst 1
-A FORWARD -o swp34 -j POLICE --set-mode KB --set-rate 2500 --set-burst 1
---

Please advise.

Thanks!
