Re: [IT-SecNots] Traffic shaping on debian

[Aleksey <unite AT openmailbox.org>]

On 2016-05-28 18:16, Martin Kraus wrote:
> On Fri, May 27, 2016 at 04:50:55PM +0300, Aleksey wrote:
> > Practically, I haven't done any configuration on my production router 
> > - I
> > have performed tests in lab environment. Configuration was pretty 
> > simple:
> >
> > tc qdisc add dev eth1 root handle 1: htb default 30
> > tc class add dev eth1 parent 1: classid 1:1 htb rate 1000mbps ceil 
> > 1000mbps
> > tc class add dev eth1 parent 1:1 classid 1:10 htb rate 3mbps ceil 
> > 5mbps
> > tc class add dev eth1 parent 1:1 classid 1:20 htb rate 5mbps ceil 
> > 7mbps
> > tc class add dev eth1 parent 1:1 classid 1:30 htb rate 1mbps ceil 
> > 1000mbps
> > tc qdisc add dev eth1 parent 1:10 handle 10:0 sfq perturb 10
> > tc qdisc add dev eth1 parent 1:20 handle 20:0 sfq perturb 10
> > tc qdisc add dev eth1 parent 1:30 handle 30:0 sfq perturb 10
> > tc filter add dev eth1 protocol ip parent 1:0 prio 1 u32  match ip 
> > dport 443
> > 0xffff flowid 1:20
> > tc filter add dev eth1 protocol ip parent 1:0 prio 1 u32  match ip 
> > dport 80
> > 0xffff flowid 1:10
>
> I'd assume the problem is that when you bind htb directly to the root 
> of a
> device you basically loose the multiqueue capability of an ethernet 
> card
> because all packets must end in a single queue from which they are 
> dispatched
> to the multiple queues of an ethernet card.
> mk

Hi.

I have also noticed that all the load is on one CPU core it is not 
distributed to all available cores. And how can this be avoided?


to lxP:

I'll try to rerun tests as you said and will report the results.

--
With kind regards,
Aleksey