Linux Netfilter discussions
From: Optimum Wireless Services <wilson@optimumwireless.com>
To: netfilter@vger.kernel.org
Subject: Re: How can I test my tc script?
Date: Thu, 03 Feb 2011 12:18:44 -0400
Message-ID: <1296749924.4183.14.camel@debian-laptop.OptimumWireless>
In-Reply-To: <20110203120131.38cd818d@catus>

On Thu, 2011-02-03 at 12:01 +0100, Marek Kierdelewicz wrote:
> >Hello.
> 
> Hi,
> 
> >I recently wrote a script that adds a new rule for an ip address each
> >time a new user is added to our network. I've noticed my tc rules work
> >...
> >Our network has about 120 users in total not all of these get connected
> >Are these rules ok?
> 
> If you have such a linear ruleset (iptables marking+tc filter) for 120
> users then it will not work well. If my theory is right, check top
> when there are more users logged in. You'll probably see high cpu usage
> in "si"/"hi" (software/hardware interrupt) fraction.
> 
> You can easily optimize your ruleset by using:
> - tc u32 hashing filters [1] instead of iptables marking and fw tc
>   filters;
> - shape upload on ifb device [2] in ingress before nat, so you can use
>   tc u32 hashing filters too;
> 
> With such setup Core2 duo 3GHz + dual port intel nic can easily
> (68% peak cpu usage) route symmetric 400mbit of traffic, doing per user
> shaping, nat and access control for >2k users.
> 
> 
> [1] http://lartc.org/howto/lartc.adv-filter.hashing.html

Based on the example in the above link, the author creates 256 chains,
which I don't understand. This example also mentions that the ip
addresses are in the "basic", "medium", etc... plan and each of these
ips are in different rules.

My network is on 172.16.0.0 so, that means I need to take the same
approach to create rules like this:

tc filter add dev eth1 parent 1:0 protocol ip prio 100 match ip src \
  172.16.0.0 classid 1:1
tc filter add dev eth1 parent 1:0 protocol ip prio 100 match ip src \
  172.16.1.0 classid 2:1
..........
tc filter add dev eth1 parent 1:0 protocol ip prio 100 match ip src \
  172.16.100.0 classid 99:1

??? 

So that means I would have to write: 254x254 = 64516 rules? That
doesn't seem correct.

Please correct me and clear my mind... (I guess I have to do a lot of
reading)


> [2] http://www.linuxfoundation.org/collaborate/workgroups/networking/ifb
> 
> Best regards,
> Marek Kierdelewicz
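
The hashing layout from [1], applied to a 172.16.0.0 network, as an added example that is not part of the original message or of the LARTC howto: one 256-bucket table per /24 that actually has users, and one rule per user placed in the bucket for its last octet, so the rule count follows the number of users rather than the size of the address space. The script only prints the tc commands; eth1 and parent 1:0 come from the message, while prio 5, the table numbering, the user list and the flowids are assumptions, and a qdisc with handle 1: and the named classes is assumed to exist.

```shell
#!/bin/sh
# Added example: prints (does not run) tc commands for u32 hashing filters.
# DEV default, the user list and the flowids are constructed for illustration.
DEV=${DEV:-eth1}

# Hash bucket for an address: the last octet, in hex (172.16.0.123 -> 7b).
bucket_of() {
    printf '%x\n' "${1##*.}"
}

# Table id for the /24 an address is in: third octet + 1, in hex.
# This keeps ids in 1..100 (hex), clear of the root table 800.
table_of() {
    rest=${1%.*}                 # e.g. 172.16.0
    printf '%x\n' $(( ${rest##*.} + 1 ))
}

# Read "ip flowid" lines on stdin and print the matching tc commands.
gen_filters() {
    seen=" "
    # Create the u32 root hash table (800:) at this priority.
    echo "tc filter add dev $DEV parent 1:0 prio 5 protocol ip u32"
    while read -r ip flowid; do
        [ -n "$ip" ] || continue
        t=$(table_of "$ip"); b=$(bucket_of "$ip"); net=${ip%.*}.0/24
        case "$seen" in
        *" $t "*) ;;             # table for this /24 already emitted
        *)  seen="$seen$t "
            # One 256-bucket table per /24 in use ...
            echo "tc filter add dev $DEV parent 1:0 prio 5 handle $t: protocol ip u32 divisor 256"
            # ... selected from the root table, keyed on the last source octet.
            echo "tc filter add dev $DEV parent 1:0 prio 5 protocol ip u32 ht 800:: match ip src $net hashkey mask 0x000000ff at 12 link $t:"
            ;;
        esac
        # One rule per user, placed in that user's bucket.
        echo "tc filter add dev $DEV parent 1:0 prio 5 protocol ip u32 ht $t:$b: match ip src $ip flowid $flowid"
    done
}

# Constructed sample: three users in two /24s.
sample_users() {
    printf '%s\n' '172.16.0.123 1:10' '172.16.0.5 1:11' '172.16.1.7 1:12'
}

sample_users | gen_filters
```

For the three constructed users this prints eight commands: one root filter, two table/link pairs, and three per-user rules.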

