RE: [LARTC] Re: Matching with Layer7 vs. IPP2P
Ok How match hosts ? How is your FC4 performance with that settings ? bests andres. -> -> L7 compiled fine on Fedora Core 4 with kernel 2.6.12.6 with following -> procedure: -> 1. patched kernel sources with ipp2p using patch-o-matic-ng -> 2. patched kernel with the patch file from l7 -> 3. patched iptables-1.3.5 with l7 -> 4. make/install iptables -> 5. make/install kernel -> -> I had to adjust the destination directories for iptables to fit Fedora's -> convention. -> -> Best regards, -> Arik -> -> Jandre Olivier wrote: -> > I was just about to post the same post, -> > -> > I currently use ipp2p and it works pretty well, It just doesnt seem to -> > track morpheous(fasttrack) protocols, otherwise it works -> pretty well. I -> > have quite alot of connections and havent seen any performance issues. -> > My next step is to add L7 as well with ipp2p to completely -> block/shape p2p. -> > -> > However I find L7 bit more tricky than ipp2p to compile -> > Cannot comment on L7 -> > -> > J -> > -> > -> > Arik Raffael Funke wrote: -> >> Hi, -> >> -> >> can anybody comment on the cost of matching with IPP2P vs. Layer7. -> >> -> >> Also, does a iptables rule with more complicated matching mechanism -> >> also slow down processing if all the packets are matched before they -> >> reach the rule. I.e. is the mere existence of a potentially costly -> >> rule already slowing down processing or only if packets are actually -> >> processed by it? -> >> -> >> Thanks very much in advance. -> >> -> >> Best regards, -> >> Arik -> -> ___ -> LARTC mailing list -> LARTC@mailman.ds9a.nl -> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] Re: Matching with Layer7 vs. IPP2P
L7 compiled fine on Fedora Core 4 with kernel 2.6.12.6 with following procedure: 1. patched kernel sources with ipp2p using patch-o-matic-ng 2. patched kernel with the patch file from l7 3. patched iptables-1.3.5 with l7 4. make/install iptables 5. make/install kernel I had to adjust the destination directories for iptables to fit Fedora's convention. Best regards, Arik Jandre Olivier wrote: I was just about to post the same post, I currently use ipp2p and it works pretty well, It just doesnt seem to track morpheous(fasttrack) protocols, otherwise it works pretty well. I have quite alot of connections and havent seen any performance issues. My next step is to add L7 as well with ipp2p to completely block/shape p2p. However I find L7 bit more tricky than ipp2p to compile Cannot comment on L7 J Arik Raffael Funke wrote: Hi, can anybody comment on the cost of matching with IPP2P vs. Layer7. Also, does a iptables rule with more complicated matching mechanism also slow down processing if all the packets are matched before they reach the rule. I.e. is the mere existence of a potentially costly rule already slowing down processing or only if packets are actually processed by it? Thanks very much in advance. Best regards, Arik ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [offlist] Re: [LARTC] how to do probabilistic packet loss in kernel?
Hey Martin, I was able to do it with netem and its working great now. I've actually moved on to another challenge, I would like to drop packets at the hardware level such as to see rate control. Because when netem drops a packet, TCP responds, however the lower level card will not interact because it never sees the loss. What I want to do is somehow cause the card to send a corrupted packet based on a probability, or not send the packet but make it think that it did. I'm using madwifi and I've found in the code where it does rate control and sends out the data, so i'm hoping to make this happen, but having troubles! So if anyone else has any ideas on how to get rate control interactive packet loss, i'd love it. - George Martin A. Brown wrote: Hello George, Unfortunately, I cannot answer your most recent question. I'm hoping that Stephen Hemminger can answer your question. He is subscribed to the LARTC list, is also the author of netem and seems to be a smart cookie. Good luck, -Martin ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] Matching with Layer7 vs. IPP2P
I was just about to post the same post, I currently use ipp2p and it works pretty well, It just doesnt seem to track morpheous(fasttrack) protocols, otherwise it works pretty well. I have quite alot of connections and havent seen any performance issues. My next step is to add L7 as well with ipp2p to completely block/shape p2p. However I find L7 bit more tricky than ipp2p to compile Cannot comment on L7 J Arik Raffael Funke wrote: Hi, can anybody comment on the cost of matching with IPP2P vs. Layer7. Also, does a iptables rule with more complicated matching mechanism also slow down processing if all the packets are matched before they reach the rule. I.e. is the mere existence of a potentially costly rule already slowing down processing or only if packets are actually processed by it? Thanks very much in advance. Best regards, Arik ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc -- /*-*/ __ _ -- / / (_)__ __ __ - --- / /__/ / _ \/ // /\ \/ / //_/_//_/\_,_/ /_/\_\ -- [EMAIL PROTECTED] ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
