Need your advice
-
Hello
You guys here are expert on traffic shaping, So can someone tell me if this statement is correct :
–---------
Any router/firewall can only really shape outgoing traffic.
The reason for this is simple, the packets were already received by your network card before
you can decide what to do with them.
So the only choice would be to drop them which normally makes no sense
(since you received the packet already, it went through the possible bottleneck (the incoming connection).
The next possible bottleneck might come if the packet leaves on another interface,
so this will be the place where queuing might occur. So, defining queues for incoming packets is not very useful,
you just want to have it forwarded to the outgoing interface as fast as possible.There is one exception, though.
Limiting incoming traffic to a value a bit slower than your actual line speed will avoid queueing on the other end of that connection.
This is mostly useful if you don't have access to traffic control on the other side and if this other side has a faster network connection
than you do (the line speed between the systems is the bottleneck, e.g. a DSL or Cable Modem connection to your provider's router,
the router itself is normally connected to a much faster backbone).
So, if you drop packets that are coming in too fast, the underlying protocol might recognize this and slow down the connection.
TCP has a builtin mechanism for this, UDP has not (but the protocol over UDP might recognize it , if there is any). -
That's correct though there are some mechanisms to throttle the opposite end.
See http://www.openbsd.org/faq/pf/queueing.html#red and http://www.openbsd.org/faq/pf/queueing.html#ecn for some backend information of the shaper pfSense uses.