I already did that, but thanks. The problem I think comes because I have an iplimit up to 15 parallel tcp connections for each user. The thing is, if a couple of clients open up emule,kazaa,etc... try to open lots of connections, but only 15 are allowed. Hence I thinkm, they actually produce a kind of DoS over my server, since lots of connections are trying to be stablished, but only 15 are allowed. Does that make sense? Is there a way of maybe do so, but without having this problem? I suppose the kernel treats connections as soon as they arrive, I mean in a FIFO policy. Maybe a policy there would make sense... -----Mensaje original----- De: lartc-admin@xxxxxxxxxxxxxxx [mailto:lartc-admin@xxxxxxxxxxxxxxx] En nombre de Ed Wildgoose Enviado el: martes, 18 de mayo de 2004 12:52 Para: GoMi CC: lartc@xxxxxxxxxxxxxxx Asunto: Re: RV: LATENCY PROBLEMS >The load balancing is working great, we are doing connection tracking so I >can mark and hence prioritize interactive traffic and ACKS on the upstream, >and with ipp2p I mark p2p traffic allocating it under the non-interactive >queue. > >The problem comes when there is more than 70 users + or -, when interactive >traffic stops working at all, or it has a very VERY high latency. > > On thought occurs, which is that some P2P protocols apparently misuse the ACKs to send data: http://www.docum.org/stef.coene/qos/faq/cache/49.html Could this be the cause of some of your problems? Perhaps you should take a closer look at your ACK traffic - you could add a SFQ (or ESFQ?) to that queue? Pop some stats on it and try to find out where it is coming from and try to correlate with the traffic from that user? Ed W _______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ _______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
