The Intermediate Functional Block (ifb) pseudo network interface acts as a QoS concentrator for multiple different sources of traffic. Packets from or to other interfaces have to be redirected to it using the mirred action in order to be handled, regularly routed traffic will be dropped. This way, a single stack of qdiscs, classes and filters can be shared between multiple interfaces.
Here's a simple example to feed incoming traffic from multiple interfaces through a Stochastic Fairness Queue (sfq):
(1) # modprobe ifb (2) # ip link set ifb0 up (3) # tc qdisc add dev ifb0 root sfqThe first step is to load the ifb kernel module (1). By default, this will create two ifb devices: ifb0 and ifb1. After setting ifb0 up in (2), the root qdisc is replaced by sfq in (3). Finally, one can start redirecting ingress traffic to ifb0, e.g. from eth0:
# tc qdisc add dev eth0 handle ffff: ingress
# tc filter add dev eth0 parent ffff: u32 \
match u32 0 0 \
action mirred egress redirect dev ifb0
The same can be done for other interfaces, just replacing eth0 in the two
commands above. One thing to keep in mind here is the asymmetrical routing this
creates within the host doing the QoS: Incoming packets enter the system via
ifb0, while corresponding replies leave directly via eth0. This can be observed
using tcpdump on ifb0, which shows the input part of the traffic only. What's
more confusing is that tcpdump on eth0 shows both incoming and outgoing traffic,
but the redirection is still effective - a simple prove is setting
ifb0 down,
which will interrupt the communication. Obviously tcpdump catches the packets to
dump before they enter the ingress qdisc, which is why it sees them while the
kernel itself doesn't.