Thanks. What exactly need to be marked with iptables if you can simply use tc u32 filter instead? Just for stateful marking, i.e. NEW/ESTABLISHED? I suspect if there's any performance impact using u32 vs iptables. Horace Ng - Internet Solutions Limited E-mail: horace@xxxxxxxxx Tel: +852 27109880 Fax: +852 27704631 ----- Original Message ----- From: "Andrew Beverley" <andy@xxxxxxxxxxx> To: "Horace Ng" <horace@xxxxxxxxx> Cc: "Remy Mudingay" <remy.mudingay@xxxxxxxxx>, lartc@xxxxxxxxxxxxxxx Sent: Wednesday, August 21, 2013 2:29:11 PM Subject: Re: Not hitting rated speed on HTB downstream On Wed, 2013-08-21 at 09:46 +0800, Horace wrote: > Didn't know that IMQ was a thing of past and IFB is a successor to it. > There's not many documentations about IMQ and IFB on the internet. IMQ is still current. It provides the ability to hook into traffic passing through the netfilter stack. It's not in the vanilla kernel and from what I understand is unlikely to ever be. Disadvantage: requires kernel patching. IFB sits before netfilter, which provides less flexibility and means that you can't mark packets to classify your traffic for shaping. It is, however, in the vanilla kernel. Disadvantage: less flexibility. So, depends on your use case, but if you can you can manage with the reduced features then your preference should be IFB as no kernel patching is required. -- To unsubscribe from this list: send the line "unsubscribe lartc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe lartc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
