On Fri, 2011-02-04 at 15:22 +0100, Michele Petrazzo - Unipex wrote:
> Marek Kierdelewicz wrote:
> >> Hello.
> >
> > Hi,
> >
> >> I recently wrote a script that adds a new rule for an ip address
> >> each time a new user is added to our network. I've noticed my tc
> >> rules work ... Our network has about 120 users in total not all of
> >> these get connected Are these rules ok?
> >
> > If you have such linear ruleset (iptables marking+tc filter) for 120
> > users then it will not work well. If my theory is right, check top
> > when there are more users logged in. You'll probably see high CPU usage
> > in "si"/"hi" (software/hardware interrupt) fraction.
> >
>
> I, are you sure about the big difference?
> I agree with you about tc u32 filters are better than iptables +
> marking, but like now I have about 100mbit 1k+ users with
> mangle+classify and tc+htb+egress and I have a load at about 0.2.
> My cpu are xeon 2.6 quad.
>

I agree. My CPU load is very low for similar setups. I think the
problems that are being experienced are errors in the way that HTB is
being used (as per my last post).

Although you might be able to fix your problems by changing your scripts
entirely as above, you might want to try fixing your original scripts
instead.

Andy