hi I would like to ask is the following config correct for what I want to achieve ...
Scenario:
I have 3 networks 192.168.12.0/24, 192.168.48.0/24, 192.168.56.0/24 and most of the users use 1 IP, some of them more...
If I make flat u32-filter search the box will make aprox/max 3 * 256 = 768 checks for every IP, so i'm deciding to deploy u32 hashes..
Here is the config I think to use (i'm ommiting some of the filter syntax for simplicity) :
protocol ip u32
#what is the divisor meaning !?
handle 5: protocol ip u32 divisor 256
u32 ht 800::
match ip src 192.168.12.0/24
match ip src 192.168.48.0/24
match ip src 192.168.56.0/24
#13 is the third octet in the IP address isnt 'it
hashkey mask 0x000000ff at 13
link 5:
# c => 12 ,
u32 ht 5:c: match ip src 192.168.12.1 flowid 1:1
u32 ht 5:c: match ip src 192.168.12.2 flowid 1:2
.....
# 30 => 48
u32 ht 5:30: match ip src 192.168.48.1 flowid 1:257
u32 ht 5:30: match ip src 192.168.48.2 flowid 1:258
......
#38 => 56
u32 ht 5:38: match ip src 192.168.56.1 flowid 1:513
..................
If that is OK, then my next question comes in :").. if I know how much networks I will support with a given
qos-box to calculate the best possible variant how to subdivide filters.. I mean it will be better if I
divide them not by class-C but on smaller group...Lets make some calculations :
I expect to handle maximum 10 class C networks with one box. This means that if the checks are divided
by class-C (like above) the max number of check would be (calculations are aproximate so that they are
easy for understanding) :
class-C ===> 10 + 256 = 267 checks
If I divide the check for every 128 ip's now first level checks goes from 10 --> 20
128 ip's level1 ===> 20 + 128 = 148
next....
64 ip's level1 ===> 40 + 64 = 104
next .....
32 ip's level1 ===> 80 + 32 = 112
>From the calculation is seen that for my scenario of 10 class-C nets the best will be to divide the checks
per 64 ip's.
So my question is how TO DO IT ? i.e. make the hash check in a way to compare sub-nets ? example pls ?
I have to change the
hashkey mask 0x000000ff at 13
to :
hashkey mask 0x000000XX at 13 :"), fill in..
For those that dont see reason for doing this, one more calculation :
10 class-C nets * 256 ips = 2560 checks
so in the simple classC scenario we have 10 fold speed up, and for the 64 ips - 25 times faster....
Subquestion : is there a way to see exactly which subsystem takes what cpu time, on the top/atop
output we see just the total SYSTEM cpu time but now how it is divided by the net framework..
if we have such info we will know how to tune the system better ?!
tia
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
