I was missing an estimator
Quote:
If you use this method you must provide an estimator, although
nothing will complain if you don't. It just won't police any
packets.
|
http://linux-tc-notes.sourceforge.net/tc/doc/police.txt
It also turns out that there's no need for special ingress filter.
It is clearer and simpler to define class based policies on
UPDEV and DNDEV that look for the marked packets.
So the updated configuration uses fw matching to place the packets into queues.
I test using scp to copy a file downstream or upstream.
When run separately the downstream is slightly above RATE (1mbit/s).
The upstream start fast and stabilizes slightly below rate.
However, when both run concurrently the upstream copy slows down to 10% of RATE,
while the downstream works as well as before.
I'm not sure what's causing that. Could it be that the upstream tcp ack's (which
travel in opposite direction downstream) are crowded by the downstream copy.
If so how can I control that?