it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Martin Kraus <lists_mk AT wujiman.net>
- To: Aleksey <unite AT openmailbox.org>
- Cc: Dmitry Sinina <dmitry.sinina AT onat.edu.ua>, debian-isp AT lists.debian.org
- Subject: Re: [IT-SecNots] Traffic shaping on debian
- Date: Sat, 28 May 2016 17:16:52 +0200
- List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
- List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>
- List-url: <https://lists.debian.org/debian-isp/>
- Old-return-path: <lists_mk AT wujiman.net>
- Resent-date: Sat, 28 May 2016 15:27:54 +0000 (UTC)
- Resent-from: debian-isp AT lists.debian.org
- Resent-message-id: <52xgciTr1ZC.A.8DH.6jbSXB@bendel>
- Resent-sender: debian-isp-request AT lists.debian.org
On Fri, May 27, 2016 at 04:50:55PM +0300, Aleksey wrote:
> Practically, I haven't done any configuration on my production router - I
> have performed tests in lab environment. Configuration was pretty simple:
>
> tc qdisc add dev eth1 root handle 1: htb default 30
> tc class add dev eth1 parent 1: classid 1:1 htb rate 1000mbps ceil 1000mbps
> tc class add dev eth1 parent 1:1 classid 1:10 htb rate 3mbps ceil 5mbps
> tc class add dev eth1 parent 1:1 classid 1:20 htb rate 5mbps ceil 7mbps
> tc class add dev eth1 parent 1:1 classid 1:30 htb rate 1mbps ceil 1000mbps
> tc qdisc add dev eth1 parent 1:10 handle 10:0 sfq perturb 10
> tc qdisc add dev eth1 parent 1:20 handle 20:0 sfq perturb 10
> tc qdisc add dev eth1 parent 1:30 handle 30:0 sfq perturb 10
> tc filter add dev eth1 protocol ip parent 1:0 prio 1 u32 match ip dport 443
> 0xffff flowid 1:20
> tc filter add dev eth1 protocol ip parent 1:0 prio 1 u32 match ip dport 80
> 0xffff flowid 1:10
I'd assume the problem is that when you bind htb directly to the root of a
device you basically loose the multiqueue capability of an ethernet card
because all packets must end in a single queue from which they are dispatched
to the multiple queues of an ethernet card.
mk
- [IT-SecNots] Traffic shaping on debian, Aleksey, 27.05.2016
- Re: [IT-SecNots] Traffic shaping on debian, Mihamina RAKOTOMANDIMBY, 27.05.2016
- Re: [IT-SecNots] Traffic shaping on debian, Dmitry Sinina, 27.05.2016
- Re: [IT-SecNots] Traffic shaping on debian, Aleksey, 27.05.2016
- Re: [IT-SecNots] Traffic shaping on debian, lxP, 27.05.2016
- Re: [IT-SecNots] Traffic shaping on debian, lxP, 28.05.2016
- Re: [IT-SecNots] Traffic shaping on debian, Martin Kraus, 28.05.2016
- Re: [IT-SecNots] Traffic shaping on debian, Aleksey, 30.05.2016
- Re: [IT-SecNots] Traffic shaping on debian, Martin Kraus, 30.05.2016
- Re: [IT-SecNots] Traffic shaping on debian, Aleksey, 30.05.2016
- Re: [IT-SecNots] Traffic shaping on debian, lxP, 27.05.2016
- Re: [IT-SecNots] Traffic shaping on debian, Aleksey, 27.05.2016
Archiv bereitgestellt durch MHonArc 2.6.19.