From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ed Wildgoose Date: Tue, 22 Jun 2004 07:09:13 +0000 Subject: Re: [LARTC] CBQ troubles, processor overload Message-Id: <40D7DB19.9080805@wildgooses.com> List-Id: References: <01eb01c457f0$5e00e120$903113d8@uranus> In-Reply-To: <01eb01c457f0$5e00e120$903113d8@uranus> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: lartc@vger.kernel.org > The problem I'm running into is that the processor gets >overloaded because of the amount of work tc is doing. I assumed it would >be able to handle the apx 5000 customers we have on it. I have a bridge >set up between two devices that run from the internet to the local >network. This bridge takes up 20% of the CPU when tc is not enabled. >When tc becomes enabled, it finishes off the rest of the CPU and eats >most of the queue as well. > > 5,000 rules is significant. Have a look at the hashing examples in the LARTC howto for some ideas on how to slash bandwidth required. There is also a high performance iptables project kicking around which does much better for large rulesets. Since you don't seem to need anything advanced I would have thought this was a drop in replacement. Have a look at http://www.hipac.org/index.htm - Never used it though, just came across it on google. I think there is another chap who posted a few hours earlier may be really interested in your perl script to read users from the DB and build rules. If you have any kind of traffic accounting I think he would be interested in that as well. Want to share any of that...? Good luck Ed W _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/