Re: LARTC digest, Vol 1 #735 - 3 msgs

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I will be out of the office from 8/19 until 8/23.  I will be returning on Monday
afternoon, 8/26, and will reply then.

Thank you,

Michael Pellegrino
Softerware, Inc.

___________________________________________________________________________
Subject: LARTC digest, Vol 1 #735 - 3 msgs
From: lartc@mailman.ds9a.nl
Date: 08/23/02 01:27:45

Send LARTC mailing list submissions to
	lartc@mailman.ds9a.nl

To subscribe or unsubscribe via the World Wide Web, visit
	http://mailman.ds9a.nl/mailman/listinfo/lartc
or, via email, send a message with subject or body 'help' to
	lartc-request@mailman.ds9a.nl

You can reach the person managing the list at
	lartc-admin@mailman.ds9a.nl

When replying, please edit your Subject line so it is more specific
than "Re: Contents of LARTC digest..."


Today's Topics:

   1. Re: Q: best solution to stop traffic to huge amount of  unregisteredhosts (Gerry Creager N5JXS)
   2. psched_tod_diff function (Pedro Larroy)
   3. Re: HTB is in 2.4.20pre1,2 (Pedro Larroy)

--__--__--

Message: 1
Date: Thu, 22 Aug 2002 19:02:26 -0500
From: Gerry Creager N5JXS <n5jxs@tamu.edu>
Reply-To: n5jxs@tamu.edu
Organization: Da House
To: Karl Gaissmaier <karl.gaissmaier@rz.uni-ulm.de>
Cc: Linux Advanced Routing & Traffic Control <lartc@mailman.ds9a.nl>
Subject: Re:  Q: best solution to stop traffic to huge amount of  unregisteredhosts

Karl Gaissmaier wrote:
> Gerry Creager N5JXS schrieb:
> 
>>The answers are not necessarily pretty.
>>
>>I've done a similar task with a Juniper M5 router.  It will handle up to
>>about 180,000 rules at wire speed.  But it is expensive.
>>
>>If your switches were a little newer, we could use 802.1x to enable the
>>switch-use capability flag (:-) and solve the problem.
> 
> 
> you know, 10k hosts are never attached to a network with homogenous
> new network devices :-(

Unfortunately, I do.  We have 50k hosts, more or less, on 2 class B 
address spaces.  We have about 200 buildings, and I'm not sure how many 
wiring closet switches.  And worse, yet, how many wiring closet hubs!

Our (switched) dorm hosts are about 10k.

So, I understand the issues.  The comment about newer gear, and 802.1x, 
however, stands.  This will provide some capability to handle registered 
hosts in the future, perhaps... but I remain skeptical.

>>Instead of policing at a single edge point, you might consider policing
>>at dormatory and building edges, where the load is smaller and you can
>>use masking and diminsh the ruleset some more.
> 
> 
> but the management is very difficult, see above

Correct, but you have several management issues.  One is unnecessary 
delays while filtering, marking and queuing.  Another is device 
configuration.  I've found little existing useful software for real-life 
multiple device (and heterogeneous device) management.  And none I'm 
willing to pay for.  I _do_ have a team of graduate students who are 
working on a heterogeneous-environment configuration tool, but it's not 
nearly ready for prime time.

>>With a sufficiently fast box, or series of boxes, doing specific tasks,
>>you should be able to do this.  Folks like Juniper achieve it by being
>>able to classify and mark in ASIC without having to go to the processor.
> 
> 
> Netfilter and iproute2/tc is very good but I miss just a fast
> matching module for a "pool" of ip addresses and the missing tc-cref
> or better documented tc examples, especially dealing with general
> ingress policing.

We have experimented with A Juniper M5, as a shaping and filtering box 
for specific applications.  It worked well in the tests, but is an 
expensive toy for this.  You might consider a Sitara box for some off 
your work.

I prefer the Linux approach, too, but there are times where scalability, 
due to the state of the art (and certainly not for want of advancement 
in the state of the art!) means a commercial solution.  What HAS 
happened, though, is that my expectations for the commercial products 
are now higher than they were... and the salesmen are somewhat worried.

Regards,
Gerry


--__--__--

Message: 2
Date: Fri, 23 Aug 2002 04:33:31 +0200
To: lartc@mailman.ds9a.nl
From: Pedro Larroy <piotr@omega.resa.es>
Subject:  psched_tod_diff function

Hi
I don't understand what psched_tod_diff function in net/sched/sch_api.c
does, so I don't know what PSCHED_TDIFF_SAFE does in sch_tbf.c

Any help will be apreciated.
-- 
 ... ___________________________________________________________ ...
|   /|                                                         |\   | 
|  /-| Pedro Larroy Tovar. PiotR | http://omega.resa.es/piotr  |-\  |
| /--|            No MS-Office attachments please.             |--\ |
o-|--|              e-mail: piotr@omega.resa.es                |--|-o 
|  \-|    finger piotr@omega.resa.es for public key and info   |-/  | 
|...\|_________________________________________________________|/...| 

--__--__--

Message: 3
Date: Fri, 23 Aug 2002 04:36:12 +0200
To: lartc@mailman.ds9a.nl
Subject: Re:  HTB is in 2.4.20pre1,2
From: Pedro Larroy <piotr@omega.resa.es>

On Wed, Aug 14, 2002 at 11:32:05PM +0200, devik wrote:
> Hi,
> for those who haven't realized it yet. It is in 2.4.20pre2,
> 2.5.xx, should go into new iproute2 package and I have informations
> about possibility to have it in 2.2 soon.
> 
> devik

Congratulations devik :)

Regards.
-- 
 ... ___________________________________________________________ ...
|   /|                                                         |\   | 
|  /-| Pedro Larroy Tovar. PiotR | http://omega.resa.es/piotr  |-\  |
| /--|            No MS-Office attachments please.             |--\ |
o-|--|              e-mail: piotr@omega.resa.es                |--|-o 
|  \-|    finger piotr@omega.resa.es for public key and info   |-/  | 
|...\|_________________________________________________________|/...| 


--__--__--

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc


End of LARTC Digest


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux