lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 11 Dec 2011 17:38:00 -0500 (EST)
From:	"John A. Sullivan III" <jsullivan@...nsourcedevel.com>
To:	Eric Dumazet <eric.dumazet@...il.com>
Cc:	netdev@...r.kernel.org
Subject: Re: IFB and bridges



----- Original Message -----
> From: "Eric Dumazet" <eric.dumazet@...il.com>
> To: "John A. Sullivan III" <jsullivan@...nsourcedevel.com>
> Cc: netdev@...r.kernel.org
> Sent: Sunday, December 11, 2011 3:58:26 AM
> Subject: Re: IFB and bridges
> 
> Le samedi 10 décembre 2011 à 20:15 -0500, John A. Sullivan III a
> écrit :
> > Hello, all.  This is more an "out of curiosity" question.  I'm
> > starting
> > to build a test environment for all I've learned about Linux
> > traffic
> > shaping over the last week.  One of the devices happens to be
> > configured
> > as a bridge.  It quickly became apparent that I needed to do
> > shaping on
> > the individual ports and not the bridge port.
> > 
> > This would be a real pain if I have lots of ports - 8 or 10 or 20
> > identical configurations.  Would this be an ideal use for IFB? That
> > is,
> > to redirect all ports to IFB and apply one set qdiscs/classes?
> > Thanks -
> 
> I have no idea what your problem is.
> 
> You want to shape either egress or ingress, for different reasons
> (most
> people shape egress), but on proxies an ingress and egress
> combination
> is welcomed.
> 
> But having to use ingress on the same machine in place of egress, I
> dont
> see why.
> 
> 
> 
> 
> 
I know IFB is often used for ingress but I wasn't really thinking of ingress filtering.  Let's say I have a 12 port Linux switch.  If any of the ports become backlogged, I want them to prioritize time sensitive traffic so I implement traffic shaping but I don't want to have to define my qdiscs, classes, and filters 12 times over if they are all the same.  So I would direct each port to an IFB (not sure if that's intolerable overhead), have a single set of qdiscs, classes, and filters, and, once those are applied, the packet arrives back on the same interface and proceeds assuming if has not been dropped or delayed. - John
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ