Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
linux:iptables:l7patch [2007/06/09 17:31] a |
linux:iptables:l7patch [2009/05/25 00:35] (current) |
||
|---|---|---|---|
| Line 48: | Line 48: | ||
| You will have now every p2p packet marked, but a dramtic reduce of udp | You will have now every p2p packet marked, but a dramtic reduce of udp | ||
| mismatches. | mismatches. | ||
| + | |||
| ===== Yet another way to do it .. ===== | ===== Yet another way to do it .. ===== | ||
| Line 81: | Line 82: | ||
| -fPIC -c libipt_ipp2p.c | -fPIC -c libipt_ipp2p.c | ||
| ld -shared -o libipt_ipp2p.so libipt_ipp2p.o | ld -shared -o libipt_ipp2p.so libipt_ipp2p.o | ||
| + | |||
| + | ==== Which CPU for heavy traffic with much filtering/ | ||
| + | < | ||
| + | > Subject: Re: [LARTC] Which CPU for heavy traffic with much | ||
| + | > filtering/ | ||
| + | > Date: Mon, 19 Nov 2007 17:40:34 +0100 | ||
| + | > | ||
| + | > >Hi | ||
| + | > | ||
| + | > Hi | ||
| + | > | ||
| + | > >I have a router with a large number of iptables rules and some | ||
| + | > > | ||
| + | > | ||
| + | > Performance boost tips: | ||
| + | > | ||
| + | > - Use " | ||
| + | > cpu usage. | ||
| + | > | ||
| + | > - Use hashing filters for shaping if you're using many u32 filters. | ||
| + | > | ||
| + | > - configure conntrack to use bigger hashsize for better performance; | ||
| + | > i'm passing following parameter to kernel in grub to achieve this: | ||
| + | > ip_conntrack.hashsize=1048575 | ||
| + | > | ||
| + | > - configure routecache to use bigger to use more memory for better | ||
| + | > performance; | ||
| + | > achieve this: rhash_entries=2400000 | ||
| + | > | ||
| + | > >1. What processors should I be looking for in order to achieve the | ||
| + | > >best routing throughput on a linux router? | ||
| + | > | ||
| + | > I've had good experiences with P4 (with and without HT), Athlon64, Xeon | ||
| + | > [dempsey], Xeon [woodcrest]. The last one is the best choice because of | ||
| + | > the large cache and architecture. I think you can use Core 2 Duo too | ||
| + | > if you want to save some money. | ||
| + | > | ||
| + | > >2. Is it true that multicore processors will not help much in this | ||
| + | > > | ||
| + | > | ||
| + | > Not true. In your setup with two nics with same load you can easily use | ||
| + | > two cores. You can assign each nic to different core by the means of | ||
| + | > smp_affinity setting in / | ||
| + | </ | ||
| + | |||
| + | ==== L7filtering + CentOS ==== | ||
| + | * [[http:// | ||
| + | |||
