From mboxrd@z Thu Jan  1 00:00:00 1970
From: Dennis Jacobfeuerborn <dennisml@conversis.de>
Date: Sun, 09 Nov 2014 00:57:02 +0000
Subject: Best qdisc for interfaces of a firewall?
Message-Id: <545EBBDE.3040200@conversis.de>
List-Id: <lartc.vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Hi,
I just looked at the interfaces of our EdgeRouter Pro appliance that we
plan to replace (due to it apparently being overloaded at 150Mbit) and
see that they all have a qdisc of "noqueue".

What is the best qdisc to select for a pure firewall system? I can't
find any decent information about the various qdiscs and which to chose
in specific situations. For example there seems to exist a multiq
scheduler but I cannot find a lot of information about its
characteristics plus I already assigned the irq of each queue of the nic
to individual cores so I wonder if something like multiq is even necessary.

I'm also wondering about fairness and if that might be a legitimate
reason to chose somehting like noqueue so one flooding flow cannot hog
the queue and penalize all other flows.

Any ideas what would be a well performing yet fair choice here?

Regards,
  Dennis