Marek Kierdelewicz wrote:
Hi,
Hi
I, are you sure about the big difference? I agree with you about tc
u32 filters are better than iptables + marking, but like now I have
about 100mbit 1k+ users with mangle+classify and tc+htb+egress and
I have a load at about 0.2. My cpu are xeon 2.6 quad.
Do you have individual iptables rule doing marking for each user
(1k+ rules in mangle)?
Yes. One rule for mark and one for return. One for classify and one for
return. The first ones inside prerouting and the latter in forward.
srv:~# iptables -nvL -t mangle|wc -l
7193
Like now, I have load: 0.04 ;)
Best regards, Marek Kierdelewicz
Ciao,
Michele
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
