it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Raúl Alexis Betancor Santana <rabs AT dimension-virtual.com>
- To: debian-isp AT lists.debian.org
- Subject: Re: [IT-SecNots] Traffic shaping on debian
- Date: Wed, 1 Jun 2016 11:02:30 +0200 (CEST)
- List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
- List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>
- List-url: <https://lists.debian.org/debian-isp/>
- Old-return-path: <rabs AT dimension-virtual.com>
- Resent-date: Wed, 1 Jun 2016 09:22:24 +0000 (UTC)
- Resent-from: debian-isp AT lists.debian.org
- Resent-message-id: <l7qq-D8-NeN.A.GED.QlqTXB@bendel>
- Resent-sender: debian-isp-request AT lists.debian.org
> So, yes, I have 10G uplinks. The main goal is to be able to shape
> traffic from certain hosts to the destinations that are reachable
> through local internet exchange and to all other destinations (world).
> Local IX is connected to one interface of my debian box and worldwide
> traffic flows through the another. The simpliest way to achieve this,
> for my opinion, was to apply egress qdiscs on there interfaces and apply
> filters and classes there also, so it would effectively shape as I need.
> The problem with shaping closer to the source is that I wouldn't be able
> to classify the traffic on switches - it's not only one or a couple of
> destinations, it's something like 30k destinations available through
> local IX.
>
> Probably you could point me to a better option.
>
> P.S. to lxP - increasing rate on the default htb class didn't help -
> probably, CPU usage could drop a couple percents lower (not sure,
> really) but is is definitely not significant.
>
> --
> With kind regards,
> Aleksey
If you are trying to shape 10G links with an Debian box, apart from routing
... you will have to do lot tunning on the system.
Look for 'High performance Linux routing' on google, you will find lot of
articles explain the caveats you will face.
When going over 1G links ... it's better to use dedicated hardware for
rouiting
and shaping, IMHO.
Best regards
(null)
- Re: [IT-SecNots] Traffic shaping on debian, Aleksey, 01.06.2016
- Re: [IT-SecNots] Traffic shaping on debian, Raúl Alexis Betancor Santana, 01.06.2016
Archiv bereitgestellt durch MHonArc 2.6.19.