Re: big problem with HTB/CBQ and CPU for more than 1.700 customers

Linux Advanced Routing and Traffic Control


 



Alexandru Dragoi wrote:
u32 hash filters are the key, as somebody pointed out. You can also tune your
iptables setup, like this:

#192.168.1.0/24
iptables -t mangle -N 192-168-1-0-24
iptables -t mangle -A FORWARD -s 192.168.1.0/24 -j 192-168-1-0-24
iptables -t mangle -N 192-168-1-0-25
iptables -t mangle -N 192-168-1-128-25
iptables -t mangle -A 192-168-1-0-24 -s 192.168.1.0/25 -j 192-168-1-0-25
iptables -t mangle -A 192-168-1-0-24 -s 192.168.1.128/25 -j 192-168-1-128-25
.
.
and so on, until (ip 192.168.1.11, which is called in chain created for
192.168.1.10/31)

iptables -t mangle -A 192-168-1-10-31 -s 192.168.1.10 -j CLASSIFY --set-class 1:10
iptables -t mangle -A 192-168-1-10-31 -s 192.168.1.11 -j CLASSIFY --set-class 1:11

.. I guess you got the idea, it requires some RAM, which I believe is
not such a big problem. Similar rules should be made for download.

Or you can use my patch - IPCLASSIFY. Then the rules above would be substituted by a single rule per direction:


iptables -t mangle -A FORWARD -s 192.168.1.0/24 -j IPCLASSIFY --addr=src --and-mask=0xff --or-mask=0x11000
iptables -t mangle -A FORWARD -d 192.168.1.0/24 -j IPCLASSIFY --addr=dst --and-mask=0xff --or-mask=0x12000

This is equal to applying the CLASSIFY target to each packet with --set-class (srcIP & 0xFF | 0x1100 ) and --set-class (dstIP & 0xFF | 0x1200 ). It is very similar to IPMARK, but it uses the skb->priority field instead of the mark. So no tc filters are needed.

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
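
The chain tree that the quoted rules sketch with "and so on", written out as a generator for the whole /24. This is an added example, not part of either poster's message; NET3, MAJOR and the function names are assumptions, and the script only prints the commands unless they are piped to a shell.

```shell
#!/bin/sh
# Added example: prints the binary chain tree for one /24 (upload direction).
NET3="192.168.1"   # assumed: first three octets of the /24 from the thread
MAJOR="1"          # assumed: major handle of the qdisc used in --set-class

chain_name() {     # $1 = last-octet base of the block, $2 = prefix length
    echo "$(echo "$NET3" | tr . -)-$1-$2"
}

gen_tree() {
    echo "iptables -t mangle -N $(chain_name 0 24)"
    echo "iptables -t mangle -A FORWARD -s $NET3.0/24 -j $(chain_name 0 24)"
    plen=24
    while [ "$plen" -lt 31 ]; do
        size=$((1 << (32 - plen)))   # addresses covered by a parent block
        half=$((size / 2))
        child=$((plen + 1))
        base=0
        while [ "$base" -lt 256 ]; do
            parent=$(chain_name "$base" "$plen")
            # Each parent jumps to the chains of its two halves.
            for b in "$base" $((base + half)); do
                echo "iptables -t mangle -N $(chain_name "$b" "$child")"
                echo "iptables -t mangle -A $parent -s $NET3.$b/$child -j $(chain_name "$b" "$child")"
            done
            base=$((base + size))
        done
        plen=$child
    done
    # Leaves: every /31 chain classifies its two hosts. Class ids follow the
    # quoted rules (last octet written as-is); tc reads class ids as hex, so
    # the matching classes must be created with the same ids.
    base=0
    while [ "$base" -lt 256 ]; do
        for h in "$base" $((base + 1)); do
            echo "iptables -t mangle -A $(chain_name "$base" 31) -s $NET3.$h -j CLASSIFY --set-class $MAJOR:$h"
        done
        base=$((base + 2))
    done
}

if [ "${1:-}" = "--print" ]; then gen_tree; fi
```

With this layout a packet is compared against at most 17 rules (1 in FORWARD, 2 in each of the 7 intermediate levels, 2 in the leaf) instead of up to 256 in a flat list, at the cost of 255 chains per direction.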
