Andreas Klauer wrote:
On Saturday 22 May 2004 23:25, Paul Lambert wrote:
This setup has worked well for more than 1000 devices but as the network has grown to 3000+ devices the CPU is not keeping up.
I guess you mean 3000+ clients, not actual network devices on one machine.
*** eth0 is MASQUERADE'd so I mark the packet on eth1 ***
*** I have narrowed it down to this one entry sucking all the CPU ***
iptables -t mangle -A PREROUTING -s 10.10.6.20 -i eth1 -j MARK --set-mark 0x843
Well, if you have 3000+ rules like that, it will certainly slow you down. You should use some kind of hashing. How that is done for tc filters, is described here: http://www.lartc.org/lartc.html#LARTC.ADV-FILTER.HASHING
Apply the same (or a similar) mechanism to your iptables ruleset and you should get improved speeds.
HTH
Andreas
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
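One way to apply the hashing Andreas describes to an iptables ruleset, as an added example that is not from the thread or from the LARTC HOWTO: the script below generates an iptables-restore fragment in which the single PREROUTING rule hands eth1 traffic to a dispatch chain keyed on the source /24, so a packet is checked against the dispatch rules plus the hosts in its own /24 instead of every client rule. The client-to-mark mapping, the 10.10.0.0/16 aggregate and the chain names are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample mapping "client_ip mark", one per line (not from the thread).
CLIENTS='10.10.6.20 0x843
10.10.6.21 0x844
10.10.7.5 0x900
10.10.200.3 0x1001'

# Unique /24 prefixes (first three octets) present in CLIENTS.
subnets() {
    printf '%s\n' "$CLIENTS" | cut -d' ' -f1 | cut -d. -f1-3 | sort -u
}

# Chain name for a /24 prefix, e.g. 10.10.6 -> mark_10_10_6 (assumed naming).
chain_for() {
    echo "mark_$(echo "$1" | tr . _)"
}

# Emit a mangle table for iptables-restore: PREROUTING hands eth1 traffic
# to "dispatch", which branches on the /24, and each /24 chain holds only
# its own hosts. A packet therefore hits (#subnets + hosts in its /24)
# rules instead of the whole client list.
gen_rules() {
    echo '*mangle'
    echo ':dispatch - [0:0]'
    for s in $(subnets); do echo ":$(chain_for "$s") - [0:0]"; done
    echo '-A PREROUTING -i eth1 -s 10.10.0.0/16 -j dispatch'
    for s in $(subnets); do
        echo "-A dispatch -s $s.0/24 -j $(chain_for "$s")"
    done
    printf '%s\n' "$CLIENTS" | while read -r ip mark; do
        prefix=$(echo "$ip" | cut -d. -f1-3)
        echo "-A $(chain_for "$prefix") -s $ip/32 -j MARK --set-mark $mark"
    done
    echo 'COMMIT'
}

# Number of rules evaluated for a packet from $1: the PREROUTING rule,
# every dispatch rule, then the host rules of its own /24 chain.
rules_traversed() {
    prefix=$(echo "$1" | cut -d. -f1-3)
    n_dispatch=$(subnets | wc -l)
    n_hosts=$(gen_rules | grep -c "^-A $(chain_for "$prefix") " || true)
    echo $((1 + n_dispatch + n_hosts))
}

gen_rules
```

Feed the output to `iptables-restore -n` (or diff it against `iptables-save -t mangle`) before replacing the flat ruleset; with 3000 clients spread over, say, 16 /24s the worst case drops from 3000 rule evaluations to roughly 1 + 16 + 254.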