Hello,
we are using nftables maps to assign classids to packets, so they can
later be shaped by the Linux TC subsystem. We do it like this:

    map deucalion {
        type ipv4_addr : classid;
        elements = { 1.1.1.2 : 2:2222, 1.1.1.3 : 3:3333 }
    }

We would also like to equip each element of this map with counters, so
we know how much traffic each listed IP address transmitted and received.
Is this possible? Can we expect such a feature in the future? This is
really crucial for nftables to be useful in ISP grade bandwidth management.

We are trying to move from an iptables based system, where every customer
has their own iptables rule with counters. We kinda managed to optimize
this by generating a complex ruleset to match as fast as possible using
subsequent bisection, but using nftables would be much more manageable
for us. If only we could do both, classification and accounting, in
a single map.

So we can limit bandwidth (=internet speed), packet rate and account
bandwidth consumed. All of these for individual IPs (customers). Any
ideas how to do this in an elegant way using nftables?

--
Best regards
Tomáš Mudruňka - SPOJE.NET s.r.o.