Re: traffic shaping with tc on Linux 5.4.x

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 2021/02/15 14:22, Lars Noodén wrote:

If this is the right list to ask about tc, then I have a beginner
question about traffic shaping.  If not please point me to the correct
venue.


Hi Lars,

Probably you should ask your question on the LARTC mailing list:
https://lartc.org/#mailinglist

You could also try
https://serverfault.com/



My questions is, given the rules below, how would I further subdivide
the SSH queue so that interactive sessions are prioritized over bulk
transfers?


Just some general comments:
Your question boils down to how to distinguish between interactive and bulk transfer SSH sessions. Some different cases:
* If interactive and bulk sessions typically originate from different hosts, then you could mark packets based on ip saddr and assign the marks to different routing classes.
* If the same hosts initiate both interactive and bulk transfers, then you could run sshd on two different ports, one for interactive, one for bulk transfers, and mark packets based on tcp dport. That would require you/your users to remember to use the correct ssh port depending on their intention.
* If you don't want to depend on clients connecting to a particular sshd port, you could try using SFQ to at least give interactive sessions a chance during bulk transfers. This *might* be enough, but is probably not the optimal way to achieve your goal. 
https://lartc.org/howto/lartc.qdisc.classless.html#LARTC.SFQ
* Your general problem of achieving reasonable latency for interactive sessions while simultaneously providing high bandwidth for bulk transfers is exactly what HFSC is intended to solve: 
https://en.wikipedia.org/wiki/Hierarchical_fair-service_curve

Worth a look!
* If none of the above ends up suitable for your purpose, you could use a meter with key ip saddr . tcp sport to mark ssh connections consuming more than a critical bandwidth for assignment to a bulk transfer class that gets lower priority. I'd use a set rather than a map because maps don't support timeouts, and you probably want the elements to expire automatically. I think a simple PRIO queue (within your ssh class) would work well with this config. 

https://wiki.nftables.org/wiki-nftables/index.php/Meters
https://wiki.nftables.org/wiki-nftables/index.php/Rate_limiting_matchings
https://lartc.org/howto/lartc.qdisc.classful.html#AEN902

~
Would be interested in what you end up using... it would be great if you could follow up with a summary later. Good luck! 

Best regards,
Frank
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux