I will be out of the office from 8/19 until 8/23. I will be returning on
Monday afternoon, 8/26, and will reply then.

Thank you,
Michael Pellegrino
Softerware, Inc.
___________________________________________________________________________

Subject: LARTC digest, Vol 1 #735 - 3 msgs
From: lartc@mailman.ds9a.nl
Date: 08/23/02 01:27:45

Send LARTC mailing list submissions to
        lartc@mailman.ds9a.nl

To subscribe or unsubscribe via the World Wide Web, visit
        http://mailman.ds9a.nl/mailman/listinfo/lartc
or, via email, send a message with subject or body 'help' to
        lartc-request@mailman.ds9a.nl

You can reach the person managing the list at
        lartc-admin@mailman.ds9a.nl

When replying, please edit your Subject line so it is more specific
than "Re: Contents of LARTC digest..."

Today's Topics:

   1. Re: Q: best solution to stop traffic to huge amount of unregistered hosts (Gerry Creager N5JXS)
   2. psched_tod_diff function (Pedro Larroy)
   3. Re: HTB is in 2.4.20pre1,2 (Pedro Larroy)

--__--__--

Message: 1
Date: Thu, 22 Aug 2002 19:02:26 -0500
From: Gerry Creager N5JXS <n5jxs@tamu.edu>
Reply-To: n5jxs@tamu.edu
Organization: Da House
To: Karl Gaissmaier <karl.gaissmaier@rz.uni-ulm.de>
Cc: Linux Advanced Routing & Traffic Control <lartc@mailman.ds9a.nl>
Subject: Re: Q: best solution to stop traffic to huge amount of unregistered hosts

Karl Gaissmaier wrote:
> Gerry Creager N5JXS wrote:
>
>>The answers are not necessarily pretty.
>>
>>I've done a similar task with a Juniper M5 router. It will handle up to
>>about 180,000 rules at wire speed. But it is expensive.
>>
>>If your switches were a little newer, we could use 802.1x to enable the
>>switch-use capability flag (:-) and solve the problem.
>
>
> you know, 10k hosts are never attached to a network with homogenous
> new network devices :-(

Unfortunately, I do. We have 50k hosts, more or less, on 2 class B
address spaces. We have about 200 buildings, and I'm not sure how many
wiring closet switches.
And worse, yet, how many wiring closet hubs! Our (switched) dorm hosts
are about 10k. So, I understand the issues.

The comment about newer gear, and 802.1x, however, stands. This will
provide some capability to handle registered hosts in the future,
perhaps... but I remain skeptical.

>>Instead of policing at a single edge point, you might consider policing
>>at dormitory and building edges, where the load is smaller and you can
>>use masking and diminish the ruleset some more.
>
>
> but the management is very difficult, see above

Correct, but you have several management issues. One is unnecessary
delays while filtering, marking and queuing. Another is device
configuration. I've found little existing useful software for real-life
multiple device (and heterogeneous device) management. And none I'm
willing to pay for. I _do_ have a team of graduate students who are
working on a heterogeneous-environment configuration tool, but it's not
nearly ready for prime time.

>>With a sufficiently fast box, or series of boxes, doing specific tasks,
>>you should be able to do this. Folks like Juniper achieve it by being
>>able to classify and mark in ASIC without having to go to the processor.
>
>
> Netfilter and iproute2/tc is very good but I miss just a fast
> matching module for a "pool" of ip addresses and the missing tc-cref
> or better documented tc examples, especially dealing with general
> ingress policing.

We have experimented with a Juniper M5, as a shaping and filtering box
for specific applications. It worked well in the tests, but is an
expensive toy for this. You might consider a Sitara box for some of
your work.

I prefer the Linux approach, too, but there are times where scalability,
due to the state of the art (and certainly not for want of advancement
in the state of the art!) means a commercial solution. What HAS
happened, though, is that my expectations for the commercial products
are now higher than they were... and the salesmen are somewhat worried.

Regards,
Gerry

--__--__--

Message: 2
Date: Fri, 23 Aug 2002 04:33:31 +0200
To: lartc@mailman.ds9a.nl
From: Pedro Larroy <piotr@omega.resa.es>
Subject: psched_tod_diff function

Hi

I don't understand what psched_tod_diff function in net/sched/sch_api.c
does, so I don't know what PSCHED_TDIFF_SAFE does in sch_tbf.c

Any help will be appreciated.

--
Pedro Larroy Tovar. PiotR | http://omega.resa.es/piotr
No MS-Office attachments please.
e-mail: piotr@omega.resa.es
finger piotr@omega.resa.es for public key and info

--__--__--

Message: 3
Date: Fri, 23 Aug 2002 04:36:12 +0200
To: lartc@mailman.ds9a.nl
Subject: Re: HTB is in 2.4.20pre1,2
From: Pedro Larroy <piotr@omega.resa.es>

On Wed, Aug 14, 2002 at 11:32:05PM +0200, devik wrote:
> Hi,
> for those who haven't realized it yet. It is in 2.4.20pre2,
> 2.5.xx, should go into new iproute2 package and I have information
> about possibility to have it in 2.2 soon.
>
> devik

Congratulations devik :)

Regards.

--__--__--

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/

End of LARTC Digest