[LARTC] Route cache

2006-04-18 Thread Andrei Sandu
Hi,

I have a P4 @ 3GHz router running Debian. It shapes
traffic (about 500-600 classes), about 1000 iptables rules, and it
does BGP too, so I get about
1300+ routes in the routing table. The problem is the load is too high
on this system. I found a solution to my problem, turning off the route
cache, but I don't know how to implement it.

I was wondering if anyone found a way to disable the route
caching system inside the kernel, to improve router performance in high
traffic conditions.

Thanks


___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc


RE: [LARTC] Sip Traffic

2006-04-18 Thread William Bohannan
Hi, I am pretty much a newbie. I found with SIP if I match ports 5060 and
1 - 2 it works. I noticed on some phones they use 13000 - 14000 and
others use 18000 - 19000. There is a new sip-conntrack out although I
haven't tried it yet.

william

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of LinuXKiD
Sent: 17 April 2006 15:59
To: lartc
Subject: [LARTC] Sip Traffic


Hi.

Is there a way to MARK UDP VoIP (SIP) traffic,
in order to put it in the highest prio class?

Traffic flow seems to start on UDP port 5060, but
next both server and client seem to jump to a
random(?) port.

I can't use CONNMARK because it is UDP traffic.

I only see a pattern for the L7 patch for
SIP traffic identification, but I run the 2.4
kernel series.

When you patch a 2.4 kernel with the L7 patch,
Connmark (patch-o-matic) can't be applied later
(conflicts).

thank you.
--
Andres 


RE: [LARTC] Sip Traffic

2006-04-18 Thread LinuXKiD

mmm... interesting

http://sipx-wiki.calivia.com/index.php/HowTo_configure_iptables

ip_conntrack_sip

Has someone tried it?

Does it work on the 2.4 kernel series?

thanks






Re: [LARTC] htb overrate with 2.6.16

2006-04-18 Thread Andy Furniss

Yanko Kaneti wrote:

>> One more thing I just thought - sfq sets its quantum from the dev mtu.
>
> Riiight. I should have tried without the sfq earlier. Without it this
> works as expected without explicit mtu setting for the htb class. And no
> giants.
>
> # tc qdisc add dev eth0 root handle 1: htb
> # tc class add dev eth0 parent 1: classid 1:2 htb rate 2Mbit
> # tc filter add dev eth0 protocol ip parent 1:0 prio 1 handle 50 fw flowid 1:2

I wouldn't have expected that to make any difference to the giants.

Looking again at your stats -

Sent 189796883 bytes 20626 pkt (dropped 0, overlimits 0 requeues 0)
 rate 3484Kbit 45pps backlog 0b 0p requeues 0
 lended: 20627 borrowed: 0 giants: 30926
 tokens: -9768 ctokens: -9768

The giants count is higher than the packet count so now I am really
confused.


Andy.


Re: [LARTC] htb overrate with 2.6.16

2006-04-18 Thread Andy Furniss

Andy Furniss wrote:

> Looking again at your stats -
>
> Sent 189796883 bytes 20626 pkt (dropped 0, overlimits 0 requeues 0)
>  rate 3484Kbit 45pps backlog 0b 0p requeues 0
>  lended: 20627 borrowed: 0 giants: 30926
>  tokens: -9768 ctokens: -9768
>
> The giants count is higher than the packet count so now I am really
> confused.

Doh - I suppose that's just the way HTB counts so you add them together.

Andy.


Re: [LARTC] htb overrate with 2.6.16

2006-04-18 Thread Andy Furniss

Andy Furniss wrote:

> Andy Furniss wrote:
>
>> Looking again at your stats -
>>
>> Sent 189796883 bytes 20626 pkt (dropped 0, overlimits 0 requeues 0)
>>  rate 3484Kbit 45pps backlog 0b 0p requeues 0
>>  lended: 20627 borrowed: 0 giants: 30926
>>  tokens: -9768 ctokens: -9768
>>
>> The giants count is higher than the packet count so now I am really
>> confused.
>
> Doh - I suppose that's just the way HTB counts so you add them together.

LOL - Third try, testing on lo which is confusing and maybe misleading
but it looks like the giants count gets doubled up but the packet count
doesn't.


Andy.



RE: [LARTC] Sip Traffic

2006-04-18 Thread chentschel
Quoted message from: LinuXKiD [EMAIL PROTECTED]:

> mmm... interesting
:) indeed..

> Has someone tried it?
I suppose, I have received very good feedback about it.

> Does it work on the 2.4 kernel series?
Only  2.6.11. (rusty newnat api)

BTW, using the "helper" extension in iptables it is possible to mark SIP-related
traffic easily.

> thanks
Cheers.
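
The helper-based marking suggested in the reply above, as an added example that is not from any poster: the "helper" match only matches the media flows the SIP helper expected, so signalling on port 5060 is marked separately. It assumes a current kernel with nf_conntrack_sip and the raw-table CT target (not the 2.4 series asked about); eth0, mark 50, the class ids, the rates and the server address 192.0.2.10 are illustrative values.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values: eth0, mark 50,
# classes 1:10/1:20, the rates, and SIP server 192.0.2.10 (placeholder).

# sip_mark_rules DEV MARK SIP_SERVER
# Prints the commands for review; returns 1 on bad arguments.
sip_mark_rules() {
    dev=$1 mark=$2 srv=$3
    case $mark in ''|*[!0-9]*) echo "mark must be a number" >&2; return 1;; esac
    case $dev in ''|*[!A-Za-z0-9._-]*) echo "bad device name" >&2; return 1;; esac
    case $srv in ''|*[!0-9a-fA-F.:/]*) echo "bad server address" >&2; return 1;; esac
    cat <<EOF
modprobe nf_conntrack_sip
# Attach the helper only to signalling sent to the known SIP server, so
# arbitrary hosts talking on port 5060 cannot make it open media pinholes.
iptables -t raw -A PREROUTING -p udp -d $srv --dport 5060 -j CT --helper sip
# Signalling itself: fixed port, matched directly.
iptables -t mangle -A PREROUTING -p udp --dport 5060 -j MARK --set-mark $mark
iptables -t mangle -A PREROUTING -p udp --sport 5060 -j MARK --set-mark $mark
# Media on negotiated ports: flows the SIP helper expected from the SDP.
iptables -t mangle -A PREROUTING -m helper --helper sip -j MARK --set-mark $mark
# Marked packets go to the priority class, everything else to 1:20.
tc qdisc add dev $dev root handle 1: htb default 20
tc class add dev $dev parent 1: classid 1:10 htb rate 512kbit prio 0
tc class add dev $dev parent 1: classid 1:20 htb rate 1536kbit prio 1
tc filter add dev $dev protocol ip parent 1:0 prio 1 handle $mark fw flowid 1:10
EOF
}

# Review the output first; apply as root with APPLY=1.
if [ "${APPLY:-0}" = 1 ]; then
    sip_mark_rules eth0 50 192.0.2.10 | sh -e
fi
```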


Re: [LARTC] Route cache

2006-04-18 Thread Ard van Breemen
Hi,

On Tue, Apr 18, 2006 at 09:30:18AM +0300, Andrei Sandu wrote:
> I have a P4 @ 3GHz router running Debian. It shapes traffic ( about
> 500-600 classes ), about 1000 iptables rules, and it does BGP too, so I get
> about
> 1300+ routes in the routing table. The problem is the load is too high on

That's not so much:
[EMAIL PROTECTED]:~$ ip ro sh|wc -l
188583
Yes, that's the internet with peering and all...

> this system. I found a solution to my problem, turning off the route cache,
> but I don't know how to implement it,

You realise that your solution doesn't really sound good? ;-)

> I was wondering if anyone found a way to disable the route caching system
> inside the kernel, to improve router performance in high traffic conditions.

Again: turning off route caching really does not sound good.

Especially if you have different routes.
What you need to do is increase your cache thresholds...
[EMAIL PROTECTED](master):~$ ip ro sh cache|wc -l
  41180
This system does a lot of traffic, and it still is cleaning its
nose.

Depending on where your system is, you should put stuff into your
sysctl.conf:

net/ipv4/neigh/default/gc_thresh1=8192
net/ipv4/neigh/default/gc_thresh2=16384
net/ipv4/neigh/default/gc_thresh3=32768

net/ipv4/route/gc_elasticity=8
net/ipv4/route/gc_interval=30
net/ipv4/route/gc_min_interval=2
net/ipv4/route/gc_thresh=?

etc...

Anyway: I don't think that routing is really your issue.
Maybe you should look into optimising the shaping and/or iptables
ruleset.
[EMAIL PROTECTED](master):~$ sudo iptables -L -n|wc -l 
   2166
[EMAIL PROTECTED](master):~$ sudo iptables -L -n -t nat|wc -l 
192

etc...

And of course, the BIG question: did you do a:
insmod ip_conntrack hashsize=4194304
?
Having a small hashsize for the connection tracking table is of
course the biggest problem for most users.

-- 
begin  LOVE-LETTER-FOR-YOU.txt.vbs
I am a signature virus. Distribute me until the bitter
end
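
A check for the connection-tracking sizing point made in the reply above, as an added example that is not from the thread: it compares the live entry count with the bucket count and the table limit, since a table at its limit drops new connections. The 80% and two-entries-per-bucket thresholds are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Thresholds (80% fill, 2 entries per
# bucket on average) are assumptions.

# conntrack_health COUNT BUCKETS MAX
# Prints "fill=<pct>% chain=<avg entries per bucket> <verdict>".
conntrack_health() {
    for v in "$1" "$2" "$3"; do
        case $v in ''|*[!0-9]*) echo "error: need three integers"; return 2;; esac
    done
    count=$1 buckets=$2 max=$3
    if [ "$buckets" -eq 0 ] || [ "$max" -eq 0 ]; then
        echo "error: zero table size"; return 2
    fi
    fill=$(( count * 100 / max ))
    chain10=$(( count * 10 / buckets ))   # average chain length, times 10
    verdict=ok
    if [ "$chain10" -gt 20 ]; then verdict=long-chains; fi
    if [ "$fill" -ge 80 ]; then verdict=near-full; fi
    echo "fill=${fill}% chain=$(( chain10 / 10 )).$(( chain10 % 10 )) $verdict"
}

# Read one counter, trying the current path and the 2.6-era ip_conntrack one.
ct_read() {
    for d in /proc/sys/net/netfilter/nf_conntrack_ \
             /proc/sys/net/ipv4/netfilter/ip_conntrack_; do
        if [ -r "$d$1" ]; then cat "$d$1"; return 0; fi
    done
    return 1
}

# Evaluate the running system; fails cleanly when conntrack is not loaded.
conntrack_health_live() {
    c=$(ct_read count) && b=$(ct_read buckets) && m=$(ct_read max) ||
        { echo "conntrack not loaded"; return 1; }
    conntrack_health "$c" "$b" "$m"
}

conntrack_health_live || true
```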


[LARTC] Matching with Layer7 vs. IPP2P

2006-04-18 Thread Arik Raffael Funke

Hi,

Can anybody comment on the cost of matching with IPP2P vs. Layer7?

Also, does an iptables rule with a more complicated matching mechanism also
slow down processing if all the packets are matched before they reach
the rule? I.e. is the mere existence of a potentially costly rule
already slowing down processing or only if packets are actually
processed by it?


Thanks very much in advance.

Best regards,
Arik
