Re: [LARTC] Layer-7 don't work
Szymon Mroofka wrote:
> Hi, I have a simple question about Skype. What are the methods of selecting packets which belong to Skype?? I know about 7layer but I don't believe that is the only way.
> Is 7layer really a good and stable solution for routers which must handle more than 1000 users?

Hi everybody!

I use the Layer-7 filter to hook packets like this:

$ipt -t mangle -N SKYPE
$ipt -t mangle -A SKYPE -j MARK --set-mark 41
$ipt -t mangle -A SKYPE -j LOG --log-prefix "IPT. SKYPE: " --log-ip-options
$ipt -t mangle -A SKYPE -j IMQ
$ipt -t mangle -A PREROUTING -m layer7 --l7dir /etc/l7-protocols --l7proto dns -j DNS
...
$ipt -t mangle -A PREROUTING -m layer7 --l7dir /etc/l7-protocols --l7proto skypetoskype -j SKYPE
...
$ipt -t mangle -A PREROUTING -j OTHER

iptables -t mangle -L PREROUTING -n -v shows it's correct, but I look in the LOG and see this:

Aug 23 10:57:16 gate kernel: IPT. SKYPE: IN=eth0 OUT= MAC=xx:xx:...xx SRC=10.10.0.114 DST=10.10.0.1 LEN=140 TOS=0x04 PREC=0x00 TTL=64 ID=0 PROTO=UDP SPT=162 DPT=162 LEN=120
etc...

grep 162 /etc/services
snmp-trap 162/tcp snmptrap # Traps for SNMP
snmp-trap 162/udp snmptrap # Traps for SNMP

It's not SKYPE, I think it is normal?

My kernel is 2.6.15, iptables v 1.3.5, all patched, all modules are loaded.

Thx.

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
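To see how much of what the skypetoskype rule logs is really something else, as with the SNMP trap in the message above, the logged hits can be tallied by protocol and destination port. This is an added example, not part of the original post: the function names are hypothetical, the log lines are constructed on the model of the quoted kernel line, and treating ports below 1024 as "well-known" is an assumption used only to make likely misclassifications stand out.

```shell
#!/bin/sh
# Added example, not from the original post.
# Constructed log lines modelled on the kernel line quoted in the message
# (MAC addresses and the second and third hosts are placeholders).
sample_log() {
cat <<'EOF'
Aug 23 10:57:16 gate kernel: IPT. SKYPE: IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=10.10.0.114 DST=10.10.0.1 LEN=140 TOS=0x04 PREC=0x00 TTL=64 ID=0 PROTO=UDP SPT=162 DPT=162 LEN=120
Aug 23 10:57:46 gate kernel: IPT. SKYPE: IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=10.10.0.114 DST=10.10.0.1 LEN=140 TOS=0x04 PREC=0x00 TTL=64 ID=0 PROTO=UDP SPT=162 DPT=162 LEN=120
Aug 23 10:58:02 gate kernel: IPT. SKYPE: IN=eth0 OUT= MAC=00:00:5e:00:53:02 SRC=10.10.0.57 DST=192.0.2.10 LEN=67 TOS=0x00 PREC=0x00 TTL=64 ID=0 PROTO=UDP SPT=33033 DPT=33033 LEN=47
Aug 23 10:58:03 gate kernel: IPT. DNS: IN=eth0 OUT= MAC=00:00:5e:00:53:02 SRC=10.10.0.57 DST=10.10.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 PROTO=UDP SPT=1025 DPT=53 LEN=40
EOF
}

# summarise_l7_hits PREFIX
# Reads kernel log lines on stdin, keeps those carrying the given
# --log-prefix, and prints "count PROTO/DPT kind", most frequent first.
summarise_l7_hits() {
  awk -v prefix="$1" '
    index($0, prefix) {
      proto = ""; dport = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^PROTO=/)    proto = substr($i, 7)
        else if ($i ~ /^DPT=/) dport = substr($i, 5)
      }
      # Packets without a destination port (e.g. ICMP) are skipped.
      if (proto == "" || dport == "") next
      # Assumption: a port below 1024 suggests a misclassified service.
      kind = (dport + 0 < 1024) ? "well-known" : "high"
      count[proto "/" dport " " kind]++
    }
    END { for (k in count) print count[k], k }
  ' | sort -k1,1nr -k2,2
}

# Stand-alone run over the constructed sample.
sample_log | summarise_l7_hits "IPT. SKYPE: "
```

On a live router the function would be fed the kernel log instead of sample_log; a large share of "well-known" rows indicates the pattern is matching unrelated traffic.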
[LARTC] How to select Skype traffic??
Hi,

I have a simple question about Skype. What are the methods of selecting packets which belong to Skype?? I know about 7layer but I don't believe that is the only way.

Is 7layer really a good and stable solution for routers which must handle more than 1000 users?

Thanks in advance

Regards,
Szymon Turkiewicz
Re: [LARTC] New hardware
Marek Kierdelewicz wrote:
> Hi there,
>
> > I used a SunFire x2100 which has 2 Ghz Opteron and PCI-Xpress slot
> > into which I plugged in a dual port gigE Intel PCI-Xpress card.
>
> What was the software configuration of this host? What kernel have you used for the test (compiled for x86 or amd64; dual-core aware scheduler or not).
>
> Out of curiosity ... dual port nic generates one interrupt or two per port? I assume the first is more probable. This leads to another question - has interrupt been balanced between cores?
>
> > Got a raw forwarding performance of 800Kpps for 64B packets. This
> > beat a CISCO 3845 which gave 600Kpps.
>
> Thanks for the input :). Right now my production border router (BGP+some firewall rules+some QoS, vlans @ P4 3GHz Linux 2.6, 2xBroadcom PCI-X, 1xIntel E1000 PCI-X) is 91% saturated (CPU) at peak hours and during the time it forwards 344,8Kpps with avg. packet sized 69 bytes.
>
> I'll try to determine raw forwarding performance when box goes out of production env, so we'll have a clear comparison picture.
>
> regards,

The beauty was the price. $725 for the SUN hardware and $200 for the NIC card. The CISCO 3845 would cost 9K street minimum.

Mohan
Re: [LARTC] New hardware
Marek Kierdelewicz wrote:
> Hi there,
>
> > I used a SunFire x2100 which has 2 Ghz Opteron and PCI-Xpress slot
> > into which I plugged in a dual port gigE Intel PCI-Xpress card.
>
> What was the software configuration of this host? What kernel have you used for the test (compiled for x86 or amd64; dual-core aware scheduler or not).

stock x86 32 bit kernel 2.4.20. No dual core optimisations.

> Out of curiosity ... dual port nic generates one interrupt or two per port? I assume the first is more probable. This leads to another question - has interrupt been balanced between cores?

I'm unaware of how it was configured.

> > Got a raw forwarding performance of 800Kpps for 64B packets. This
> > beat a CISCO 3845 which gave 600Kpps.
>
> Thanks for the input :). Right now my production border router (BGP+some firewall rules+some QoS, vlans @ P4 3GHz Linux 2.6, 2xBroadcom PCI-X, 1xIntel E1000 PCI-X) is 91% saturated (CPU) at peak hours and during the time it forwards 344,8Kpps with avg. packet sized 69 bytes.

The Opteron was 100% utilised at 800Kpps for 64B pkts. I could do bi-directional line rate on gigE for 512/1500B pkts (approx 500/164Kpps) with 65%/25% cpu utilisation.

> I'll try to determine raw forwarding performance when box goes out of production env, so we'll have a clear comparison picture.
>
> regards,
Re: [LARTC] New hardware
Hi there,

> I used a SunFire x2100 which has 2 Ghz Opteron and PCI-Xpress slot
> into which I plugged in a dual port gigE Intel PCI-Xpress card.

What was the software configuration of this host? What kernel have you used for the test (compiled for x86 or amd64; dual-core aware scheduler or not).

Out of curiosity ... dual port nic generates one interrupt or two per port? I assume the first is more probable. This leads to another question - has interrupt been balanced between cores?

> Got a raw forwarding performance of 800Kpps for 64B packets. This
> beat a CISCO 3845 which gave 600Kpps.

Thanks for the input :). Right now my production border router (BGP+some firewall rules+some QoS, vlans @ P4 3GHz Linux 2.6, 2xBroadcom PCI-X, 1xIntel E1000 PCI-X) is 91% saturated (CPU) at peak hours and during the time it forwards 344,8Kpps with avg. packet sized 69 bytes.

I'll try to determine raw forwarding performance when box goes out of production env, so we'll have a clear comparison picture.

regards,
--
Marek Kierdelewicz
Manager of Network Systems Department, KoBa
tel. (85) 7406466; fax. (85) 7406467
e-mail: [EMAIL PROTECTED]