Hi, this is exactly why ip addresses are already grouped with respect to location. So it should be possible to optimize things, maybe use some perl with http://search.cpan.org/~nwetters/IP-Country-2.15/lib/IP/Country.pm e.g. 194.0.0.0/8 is NL And I guess you can afford to make some errors, e.g. shaping a destination which shouldn't be shaped is not a crime if it wouldn't happen too often, just make sure you shape foreign IP's, how bad would it be to shape some non-foreign IP's accidently? And, ofcourse, either "foreign IP's" or "non foreign IP's" is the smallest list, use the samllest list. Good luck, Jeroen. On Wed, 31 Mar 2004 00:56:52 +0200 Rene Gallati <lartc@xxxxxxxxxxxxx> wrote: > Hello List, > > I have a little non-standard problem (or so I guess). I'm getting a > sponsored server on a backbone for almost nothing - which is quite nice. > However there is a string attached: Since the bandwith to foreign > countries is expensive, while in-land bandwith is almost free, I need to > shape down access to all "foreign" IPs. > > Now I have a (large) list of routes/prefixes for destinations which are > ok - a whitelist if you want. The question I have now is, how do I best > proceed in using that list so that the kernel does not spend too much > time looking it up for every single packet. > > Is the routing table hashed by default so access is fast and I can just > pump in the ~100KBytes of ip prefixes ? Or does it traverse them > linearly and I need to build a hierarchical structure so that it will be > fast ? (sort of like in section 12.4 of the LARTC howto with the filters?) > > I've also toyed with the idea of doing it in netfilter since I know > netfilter quite a lot better than tc and ip but it is mostly outgoing > traffic that is a problem and I sort of feel that this is better done by > the routing/filtering infrastructure than by the firewall. > > Any advice? > > Thanks in advance > > _______________________________________________ > LARTC mailing list / LARTC@xxxxxxxxxxxxxxx > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ > _______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
