Best qdisc for interfaces of a firewall?

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Dennis Jacobfeuerborn <dennisml@conversis.de>
To: lartc@vger.kernel.org
Subject: Best qdisc for interfaces of a firewall?
Date: Sun, 09 Nov 2014 00:57:02 +0000	[thread overview]
Message-ID: <545EBBDE.3040200@conversis.de> (raw)

Hi,
I just looked at the interfaces of our EdgeRouter Pro appliance that we
plan to replace (due to it apparently being overloaded at 150Mbit) and
see that they all have a qdisc of "noqueue".

What is the best qdisc to select for a pure firewall system? I can't
find any decent information about the various qdiscs and which to chose
in specific situations. For example there seems to exist a multiq
scheduler but I cannot find a lot of information about its
characteristics plus I already assigned the irq of each queue of the nic
to individual cores so I wonder if something like multiq is even necessary.

I'm also wondering about fairness and if that might be a legitimate
reason to chose somehting like noqueue so one flooding flow cannot hog
the queue and penalize all other flows.

Any ideas what would be a well performing yet fair choice here?

Regards,
  Dennis

next             reply	other threads:[~2014-11-09  0:57 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-11-09  0:57 Dennis Jacobfeuerborn [this message]
2014-11-09 13:58 ` Best qdisc for interfaces of a firewall? Dennis Jacobfeuerborn
2014-11-09 14:01 ` Alan Goodman
2014-11-09 15:01 ` josh Reynolds
2014-11-10 16:20 ` Rick Jones
2014-11-10 18:04 ` Dave Taht
2014-11-11  1:17 ` Dennis Jacobfeuerborn
2014-11-11  1:59 ` Stig Thormodsrud

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=545EBBDE.3040200@conversis.de \
    --to=dennisml@conversis.de \
    --cc=lartc@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.