I've got a couple of queries about packet marking/classifying ...

I'm configuring a box to account and control traffic on a 6Mbps link, including traffic shaping/prioritisation and splitting out some bandwidth for customers. Currently I'm up to about 35 htb classes! The box has two interfaces, doing simple routing (no nat, no multiple providers, etc).

If I'm using my own tcstart file, do I ignore the tcdevices file?

I see that I have the choice of marking the packets in tcrules and then using tc filters to filter the marked packets into classes, or I can classify the packets in tcrules. Is classifying more efficient than marking and filtering? At first glance it would seem that classifying should be more efficient as it's one step, or is there something going on in the background that will negate that? Or is the overhead so low that I should ignore it?

Does it make any difference to the rules generated, or the processing required to handle packets, if I specify devices in the rules? E.g., is there any difference between:

    1:11 a.b.c.d 0.0.0.0/0 tcp - 80
    1:11 ethint:a.b.c.d 0.0.0.0/0 tcp - 80

At first glance it doesn't appear to make any difference, but I'm not that experienced at reading iptables output.

Do classify actions get actioned before or after tcfilters? E.g., if I have a tc filter putting traffic into one class, and a tcrules entry classifying traffic into a different class - which will take effect? In particular I'm thinking in terms of a tc filter directing traffic for the internal network originating on the firewall into an (effectively) unlimited class (100:10 in the diagram below), while a tcrule entry is classifying traffic from "anywhere" to a specific host into a different, bandwidth controlled, class (e.g. 101:11 below).

And lastly, does it matter if the classes I classify to are not attached to the root of the device? On my internal interface I have the following (Q=Queue, C=class):

    ethint -- Q htb 100: -- C htb 100:1 -- C htb 100:10 -- Q sfq
                                        \- C htb 100:11 -- Q htb 101: ---

then under Q htb 101:

    Q htb 101: -- C htb 101:101 --- C htb 101:10 -- C htb 101:11 -- Q sfq
                                |                |- C htb 101:12 -- Q sfq
                                |                |- .....
                                |
                                |- C htb 101:20 -- C htb 101:21 -- Q sfq
                                |               |- .....
                                |
                                |...

Does the TC code just start at the device root, and push the packet down the 'tree' until it runs out or finds a match?
Or does it need to be told where to start? The tc rules I have in tcstart are attached to the relevant parent (100: or 101:)

Thanks if you've made it this far without being bored into a coma!

PS - when I get this finished, I'll see if I can get permission to post & document it as an example installation.

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users