Hello,
I am thinking about improving the way we do bandwidth shaping (traffic
control) in our network.
Currently we have like 80000 rules that do something like this:
iptables -A post_10_11_171_248_29 -d 10.11.171.249/32 -o vlan1100 -j CLASSIFY --set-class 0001:3065
And even when there is some level of optimization using subchains, I
guess that nftables can optimize this simply by internal hashing in
a named map (or dictionary - I did not get how these two are different).
I need to have a $IP : $CLASS map like this:
10.11.171.247/32 : 0001:4095
10.11.171.248/32 : 0001:3065
10.11.171.249/32 : 0001:2023
And then simply classify the packets using a single rule like this:
-d $IP -j CLASSIFY --set-class $CLASS
So I can later shape the classified packets using tc. (BTW I've heard
that nft has something called "ingress hook" that could replace tc, so I
could have everything configured through nft, is that true?)
Is there a way to do this in nftables?
--
Best regards
Tomáš Mudruňka - SPOJE.NET s.r.o.