On 2021/02/15 14:22, Lars Noodén wrote:
If this is the right list to ask about tc, then I have a beginner
question about traffic shaping. If not please point me to the correct
venue.
Hi Lars,
Probably you should ask your question on the LARTC mailing list:
https://lartc.org/#mailinglist
You could also try
https://serverfault.com/
My questions is, given the rules below, how would I further subdivide
the SSH queue so that interactive sessions are prioritized over bulk
transfers?
Just some general comments:
Your question boils down to how to distinguish between interactive and
bulk transfer SSH sessions. Some different cases:
* If interactive and bulk sessions typically originate from different
hosts, then you could mark packets based on ip saddr and assign the
marks to different routing classes.
* If the same hosts initiate both interactive and bulk transfers, then
you could run sshd on two different ports, one for interactive, one for
bulk transfers, and mark packets based on tcp dport. That would require
you/your users to remember to use the correct ssh port depending on
their intention.
* If you don't want to depend on clients connecting to a particular sshd
port, you could try using SFQ to at least give interactive sessions a
chance during bulk transfers. This *might* be enough, but is probably
not the optimal way to achieve your goal.
https://lartc.org/howto/lartc.qdisc.classless.html#LARTC.SFQ
* Your general problem of achieving reasonable latency for interactive
sessions while simultaneously providing high bandwidth for bulk
transfers is exactly what HFSC is intended to solve:
https://en.wikipedia.org/wiki/Hierarchical_fair-service_curve
Worth a look!
* If none of the above ends up suitable for your purpose, you could use
a meter with key ip saddr . tcp sport to mark ssh connections consuming
more than a critical bandwidth for assignment to a bulk transfer class
that gets lower priority. I'd use a set rather than a map because maps
don't support timeouts, and you probably want the elements to expire
automatically. I think a simple PRIO queue (within your ssh class) would
work well with this config.
https://wiki.nftables.org/wiki-nftables/index.php/Meters
https://wiki.nftables.org/wiki-nftables/index.php/Rate_limiting_matchings
https://lartc.org/howto/lartc.qdisc.classful.html#AEN902
~
Would be interested in what you end up using... it would be great if you
could follow up with a summary later. Good luck!
Best regards,
Frank