Chuck Kollars wrote:

>I unfortunately didn't explain in my post (already too
>long:-) that I'm already prioritizing traffic, that
>I'm concerned with the _next_ step, with the
>possibility that some "bulk" traffic will shut out
>other "bulk" traffic.

TBH I wouldn't worry about it - unless you have some users who
download LOADS then the worst case is that some downloads will take
longer to finish. If you are already applying prioritisation then the 
bulk downloads won't affect interactive traffic.

>As I understand it, Shorewall
>uses HTB to enforce priorities, then uses SFQ within
>each priority level to try to enforce fairness.
>
>As I understand it, I can (and do) use "ingress"
>marking to note priorities  ...but there doesn't seem
>to be any reasonable way to distinguish different
>source nodes. (Except of course using a different mark
>for every Source IP, which with several hundred inside
>systems is far too weird and difficult.)

You understand correctly.

>It seems to me that if my SFQ modifications could do a
>quick lookup of the original Source IP in the CONNMARK
>table, I could get the behavior I want. But otherwise,
>as you confirm if I understand you correctly, there
>really isn't any way. All I can do is hope the
>prioritization is sufficient and not worry about also
>trying to solve the follow-on problem.

Well you could look into the code and see if there might be a way to 
modify the SFQ code ...


_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users