100kbytes of prefixes is not so good , hashing does not mean anything faster when checking ip you will need to test 4 bytes in any way, since hash is usualy 32 bit too. this can help on very complex rules only. so if you pump 100 kbytes of prefixes this is probably 7000 addreses so on each packet 7000 tests will be done. everything mostly depends on how much trafic you need to pass. probably hierarchical structure is the best option. you can use multiple servers to mark packets and one to shape trafic ( you sould use TOS not mark) ----- Original Message ----- From: "Rene Gallati" <lartc@xxxxxxxxxxxxx> To: <lartc@xxxxxxxxxxxxxxx> Sent: Wednesday, March 31, 2004 1:56 AM Subject: large routing table > Hello List, > > I have a little non-standard problem (or so I guess). I'm getting a > sponsored server on a backbone for almost nothing - which is quite nice. > However there is a string attached: Since the bandwith to foreign > countries is expensive, while in-land bandwith is almost free, I need to > shape down access to all '"'foreign'"' IPs. > > Now I have a (large) list of routes/prefixes for destinations which are > ok - a whitelist if you want. The question I have now is, how do I best > proceed in using that list so that the kernel does not spend too much > time looking it up for every single packet. > > Is the routing table hashed by default so access is fast and I can just > pump in the ~100KBytes of ip prefixes ? Or does it traverse them > linearly and I need to build a hierarchical structure so that it will be > fast ? (sort of like in section 12.4 of the LARTC howto with the filters?) > > I've also toyed with the idea of doing it in netfilter since I know > netfilter quite a lot better than tc and ip but it is mostly outgoing > traffic that is a problem and I sort of feel that this is better done by > the routing/filtering infrastructure than by the firewall. > > Any advice? > > Thanks in advance > > René > _______________________________________________ > LARTC mailing list / LARTC@xxxxxxxxxxxxxxx > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ > _______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
