btw, domain jira.sw.ru has no A/CNAME records in dns now and all links are not accessable.
20.07.2015 21:54, Maxim Perevedentsev пишет: > > > *1. Feature > > **a)* Switch from CBQ traffic shaper to HTB. > https://jira.sw.ru/browse/PSBM-18245 > > *b)* Added packet rate limitation. > https://jira.sw.ru/browse/PSBM-17708 > > *2. Description > > **a) *HTB traffic shaper has following advantages: > > * higher accuracy > * does not need bandwidth for interfaces > > Therefore we made bandwidth rate optional in vz.conf: > https://jira.sw.ru/browse/PSBM-28834?focusedCommentId=2503775&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-2503775 > > We use BANDWIDTH parameter from vz.conf only to get list of configured > devices. So > BANDWIDTH="eth0 eth1:100000" > is a valid syntax now. > > > *b)* To prevent e.g. DoS attacks it is not enough to limit outgoing > bandwidth. Despite being limited in bandwidth, we still can produce a > great number of packets. Thus we need to limit packet rate along with > byte rate. > > This feature is implemented using HTB 'mpu' (Minimum packet unit) > param. It makes small packets with size < MPU bytes consume MPU HTB > tokens. Consequently, the maximum allowed packet rate is > TOTALRATE (bytes) / MPU (bytes/packet). > > We introduce a new *optional* parameter in vz.conf: > RATEMPU="<dev|*>:<class>[:<mpu>] ..." > > 1. If <dev>:<class> is not present in RATEMPU, no packet rate > limitation is done for it. > 2. If <mpu> is not present for <dev>:<class>, then the default MPU > (1000) is used. > > The default value of 1000 (not e.g. mtu ~ 1500) was chosen because too > high MPU makes configured TOTALRATE unreachable (TOTALRATE can be > reached only with packets of size >= MPU; such large packets are > unusual). The value of 1000 is big enough to prevent DoS but realistic > in terms of packet size. > > To implement this feature we made the following modifications: > > 1. Added RateMPU integer parameter to NetworkConfig.xsd in SDK > (*default: 0 - enabled*). > 2. Added NRM_ENABLED=0, NRM_DISABLED=-1 to PrlEnums.h in SDK. > 3. Added PrlNetworkShapingEntry_Get(Set)RateMPU functions to > PrlApiNet.h in SDK. > 4. Added RATEMPU param to default config in vzctl, added entry to > 'man 5 vz'. > 5. Necessary implementation. > > RATEMPU is enabled by default for every newly created > NetworkShapingEntry. The values 0 and -1 are special, reserved for > constants NRM_ENABLED (use default MPU value) and NRM_DISABLED (do not > limit packet rate for this entry). > > *3. Products > > *Virtuozzo 7 beta1 > > Packages: > * > **a) > * > > * libvzctl >= 7.0.61 > > *b)* > > * libprlsdk >= 7.0.20 > * prl-disp-service >= 7.0.68 > * libvzctl >= 7.0.70 > * vzctl >= 7.0.50 > > *4. Testing > > *Need to test the following cases: > * > a)* > > * Shaper is accurate, even for high rates (~1Gbit/s). > > *b)* > > * mpu parameter is used by HTB and shown in "tc -d class show ..." > * packet rate is limited by value of TOTALRATE / RATEMPU. > * packet rate limit is enabled for newly-created shaping entries > with default RATEMPU (1000). > * packet rate is disabled (if arg == -1) or RATEMPU value is equal > to given value (arg > 0) according to SetRateMPU() argument. > > *5. Known issues > * > > For mpu >= 300, there is some magic in tc, so given mpu value is split > into 'mpu' and 'overhead' parameters. * > * > > mpu HTB parameter is (was?) ignored in vz7: > https://jira.sw.ru/browse/PSBM-34874 > > *6. What was checked by developer > * > > *a) *Two servers connected with a crossover. Measured HTB accuracy, > got the following results: > https://jira.sw.ru/browse/PSBM-18245?focusedCommentId=2525949&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-2525949 > > *b) *Nothing. See section 5. > > *7. Feature owner* > > *a) *i...@odin.com > *b) *mperevedent...@odin.com > > -- > Sincerely, > Maxim Perevedentsev > > > > > > > _______________________________________________ > Users mailing list > Users@openvz.org > https://lists.openvz.org/mailman/listinfo/users -- Best Regards, Nick Knutov http://knutov.com ICQ: 272873706 Voice: +7-904-84-23-130
_______________________________________________ Users mailing list Users@openvz.org https://lists.openvz.org/mailman/listinfo/users