Re: Using iptables with high volume mail


 




----- Original Message ----
> From: Richard Horton <arimus.uk@xxxxxxxxxxxxxx>
> To: John Little <jlittle_97@xxxxxxxxx>
> Cc: netfilter@xxxxxxxxxxxxxxx
> Sent: Thursday, October 1, 2009 7:54:06 AM
> Subject: Re: Using iptables with high volume mail
> 
> 2009/10/1 John Little :
> 
> > What modules, tables and rules to use to optimize iptables for this type
> > of volume?  All of the mail is sent on the standard port 25.  We need to
> > optimize for quick deliverability.  (I've read the man page and looked at
> > TOS with the mangle table.  I read somewhere that this is only for udp.)
> 
> Setting the DSCP / ToS field via mangle will work with IP traffic
> regardless of payload type (UDP/TCP/IPSEC Tunnelled/etc). However,
> there is only any point in applying it for 'quick' delivery if the
> upstream routers are configured to apply a diffserv policy on a per
> hop basis.
> 
> Apart from that 'quick delivery' isn't really something diffserv can
> give you: EF traffic (Expedited forwarding) is intended for real-time
> jitter sensitive traffic where loss is less of an issue than excessive
> inter-packet delay. For reliable delivery use an AFxx class. However I
> don't believe applying diffserv / tos in your case will achieve the
> end results you are looking for unless you have control over all the
> hops along the mail path, or SLAs in place with the network
> provider(s) -- and usually once you exceed your purchased amount of
> traffic within a class it's either remarked or dropped - and strictly
> under diffserv should be dropped as you should not remark outside of a
> class.
> 
> -- 
> Richard Horton
> Users are like a virus: Each causing a thousand tiny crises until the
> host finally dies.
> http://www.solstans.co.uk - Solstans Japanese Bobtails and Norwegian Forest Cats
> http://www.pbase.com/arimus - My online photogallery


Hi Richard

Good point.  We don't control the hops on the mail path.  We also
strictly observe the traffic rules that we have agreed to with the
upstream providers.  

As I think about my question and your answers the next part would be
that we want to "streamline" our iptables rules so that they are
working efficiently and not consuming any more resources than are
necessary.  To that end I would think that I would probably need to
have some rules written and post them here for review.

Resource consumption has been a major issue with the commercial devices
we have tried.  This has led to the question of building the machines
with iptables that are tuned specifically for our environment.  

I realize that other kernel tuning parameters need to be factored in as
well.  I just want to make sure we have all of our bases covered.

Thanks,
John
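
Added example, not part of the original thread or of either poster's messages: a Python sketch of the point made in the quoted reply, that DSCP remarking works regardless of payload type because only the IPv4 header's ToS byte and header checksum change. The packets, addresses and function names are constructed for illustration.

```python
import struct

EF = 46  # Expedited Forwarding codepoint (RFC 3246)

def af(cls: int, drop: int) -> int:
    """DSCP codepoint for Assured Forwarding class AF<cls><drop> (RFC 2597)."""
    if not (1 <= cls <= 4 and 1 <= drop <= 3):
        raise ValueError("AF classes are AF11..AF43")
    return 8 * cls + 2 * drop

def checksum(hdr: bytes) -> int:
    """RFC 1071 ones'-complement checksum; 0 when run over a valid header."""
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4(proto: int, payload: bytes, tos: int = 0) -> bytes:
    """Constructed sample packet: 20-byte header, documentation addresses."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + len(payload),
                                0, 0, 64, proto, 0,
                                bytes([192, 0, 2, 1]), bytes([198, 51, 100, 25])))
    struct.pack_into("!H", hdr, 10, checksum(bytes(hdr)))
    return bytes(hdr) + payload

def remark(packet: bytes, dscp: int) -> bytes:
    """Rewrite the DSCP bits the way a mangle-table DSCP rule would."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit field")
    ihl = (packet[0] & 0x0F) * 4
    hdr = bytearray(packet[:ihl])
    hdr[1] = (dscp << 2) | (hdr[1] & 0x03)  # keep the two ECN bits
    hdr[10:12] = b"\x00\x00"                # zero the checksum before recomputing
    struct.pack_into("!H", hdr, 10, checksum(bytes(hdr)))
    # The payload is copied untouched: the TCP/UDP pseudo-header does not
    # cover the ToS byte, so no layer-4 checksum needs fixing either.
    return bytes(hdr) + packet[ihl:]

def dscp_of(packet: bytes) -> int:
    return packet[1] >> 2

if __name__ == "__main__":
    samples = {"tcp/25": build_ipv4(6, b"constructed TCP segment", tos=0x01),
               "udp": build_ipv4(17, b"constructed UDP datagram"),
               "esp": build_ipv4(50, b"constructed ESP payload")}
    for name, pkt in samples.items():
        out = remark(pkt, af(1, 1))
        print(name, "dscp", dscp_of(pkt), "->", dscp_of(out),
              "payload unchanged:", out[20:] == pkt[20:],
              "header checksum ok:", checksum(out[:20]) == 0)
```
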



      