
it-securitynotifies - Re: [IT-SecNots] Traffic shaping on debian

it-securitynotifies AT lists.piratenpartei.de

Subject: Security announcements

  • From: Aleksey <unite AT openmailbox.org>
  • To: Martin Kraus <lists_mk AT wujiman.net>
  • Cc: Dmitry Sinina <dmitry.sinina AT onat.edu.ua>, debian-isp AT lists.debian.org
  • Subject: Re: [IT-SecNots] Traffic shaping on debian
  • Date: Wed, 01 Jun 2016 10:22:55 +0300
  • List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
  • List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>
  • List-url: <https://lists.debian.org/debian-isp/>
  • Old-return-path: <unite AT openmailbox.org>
  • Resent-date: Wed, 1 Jun 2016 07:23:17 +0000 (UTC)
  • Resent-from: debian-isp AT lists.debian.org
  • Resent-message-id: <xDgULgUin7F.A.8VH.k1oTXB@bendel>
  • Resent-sender: debian-isp-request AT lists.debian.org

On 2016-05-30 18:34, Martin Kraus wrote:
> On Mon, May 30, 2016 at 01:55:51PM +0300, Aleksey wrote:
>> I have also noticed that all the load is on one CPU core; it is not
>> distributed to all available cores. And how can this be avoided?
>
> There is a qdisc called mq which creates a class for each hardware queue on
> the attached ethernet card. You can bind other qdiscs (such as htb) to each of
> these classes but this will not allow you to shape traffic for a single
> type going out over all the hardware queues.
>
> It might be possible to have multiple htb qdiscs and use filters to send
> each type of traffic to a selected hardware queue. This has other adverse
> effects (such as not being able to borrow unused bandwidth among the hw
> queues) and there still might be lock contention among the cores for each such
> queue so it might not even work better.
>
> If you are at 1 Gbit speed the cpu can probably handle it so there is no need
> to do any of this. If you have a 10Gbit+ connection then this probably isn't
> the correct place to do shaping anyway and should be done closer to the source.
>
> It depends on what you're trying to accomplish.
>
> regards
> Martin

So, yes, I have 10G uplinks. The main goal is to be able to shape traffic from certain hosts to the destinations that are reachable through the local internet exchange and to all other destinations (world). The local IX is connected to one interface of my Debian box and worldwide traffic flows through another. The simplest way to achieve this, in my opinion, was to apply egress qdiscs on these interfaces and apply filters and classes there also, so it would effectively shape as I need. The problem with shaping closer to the source is that I wouldn't be able to classify the traffic on switches - it's not only one or a couple of destinations, it's something like 30k destinations available through the local IX.

Probably you could point me to a better option.

P.S. to lxP - increasing rate on the default htb class didn't help - probably, CPU usage could drop a couple of percent lower (not sure, really) but it is definitely not significant.

--
With kind regards,
Aleksey
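
The mq-plus-htb layout Martin describes in the quoted reply, written out as an added example that is not part of the original thread: a dry-run generator that prints the `tc` commands for one independent HTB qdisc per hardware TX queue. The interface name `eth0`, the queue count of 8 and the 10000 Mbit total are constructed sample values.

```shell
#!/bin/sh
# Dry run: prints tc commands, does not apply them. Pipe the output to
# `sh` as root on a multiqueue NIC to actually install the qdiscs.

# gen_mq_htb DEV NQUEUES TOTAL_MBIT
gen_mq_htb() {
    dev=$1; nq=$2; total=$3
    [ "$nq" -ge 1 ] || return 1

    # Each HTB instance below mq is a separate tree, so bandwidth cannot
    # be borrowed across hardware queues (the drawback named in the
    # thread). The total therefore has to be split statically.
    per_queue=$((total / nq))

    # mq exposes one class per hardware TX queue: 1:1 .. 1:N
    echo "tc qdisc replace dev $dev root handle 1: mq"

    i=1
    while [ "$i" -le "$nq" ]; do
        # tc parses class and handle ids as hexadecimal
        minor=$(printf '%x' "$i")
        handle=$(printf '%x' $((16 + i)))   # 0x11, 0x12, ... unique per queue
        echo "tc qdisc add dev $dev parent 1:$minor handle $handle: htb default 1"
        echo "tc class add dev $dev parent $handle: classid $handle:1 htb rate ${per_queue}mbit ceil ${per_queue}mbit"
        i=$((i + 1))
    done
}

# Constructed sample: 10G uplink with 8 TX queues
gen_mq_htb eth0 8 10000
```

Because `ceil` equals `rate` in every per-queue class, a flow hashed to a busy queue is capped at one eighth of the link even when the other seven queues are idle.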




