From: Joe Shen (no email)
Date: Tue Dec 06 2005 - 11:31:24 EST
Could IPtables control traffic with inspecting layer7
information?
As someone suggested, bandwidth allocation could be
done with TCP protocol control ( ACK dropping or so);
How can we do that? NBAR only limit the bandwidth, and
to our experience with cisco7609 it cost a lot of cpu
time!
Where can I find QoS experiemnt result and sample
configuration of ERX14xx?
Joe
--- Ejay Hire <> wrote:
>
> Hello.
>
> Going back to your original question, how to keep
> from
> saturating the network with residential users using
> bittorrent/edonkey et al, while suffocating business
> customers. Here goes.
>
> Netfilter/IpTables (and a slew of commercial
> products I'm
> sure) has a Layer 7 traffic classifier, meaning it
> can
> identify specific file transfer applications and set
> a
> DiffServ bit. This means it can tell between a real
> http
> request and a edonkey transfer, even if they are
> both using
> http. It also has rate-limiting capability. So...
> If you
> pass all of the traffic destined for your DSL
> customers
> through an iptables box (single point of failure)
> then you
> can classify and rate-limit the downstream rate on a
> per-application basis.
>
> Fwiw, if you are using diffserv bits, you could push
> the
> rate-limits down to the router with a qos policy in
> it
> instead of doing it all in the iptables box.
>
> References on this.. The netfilter website (for
> classification info) and the Linux advanced router
> tools
> (LART) (qos info/rate limiting)
>
> -e
>
>
> > -----Original Message-----
> > From:
> [mailto:]
> On
> > Behalf Of Kim Onnel
> > Sent: Thursday, December 01, 2005 3:26 AM
> > To: NANGO
> > Subject: Re: QoS for ADSL customers
> >
> > Can any one please suggest to me any commercial or
> none
> > solution to cap the download stream traffic, our
> upstream
> > will not recieve marked traffic from us, so what
> can be
> done ?
> >
> >
> > On 11/29/05, Kim Onnel <>
> wrote:
> >
> > Hello everyone,
> >
> > We have Juniper ERX as BRAS for ADSL, its GigE
> > interface is on an old Cisco 3508 switch with an
> old IOS,
> its
> > gateway to the internet is a 7609, our transit
> internet
> links
> > terminate on GigaE, Flexwan on the 7600
> >
> > The links are now almost always fully utilized,
> we
> want
> > to do some QoS to cap our ADSL downstream, to give
> room
> for
> > the Corp. customers traffic to flow without pain.
> >
> > I'm here to collect ideas, comments, advises and
> > experiences for such situations.
> >
> > Our humble approach was to collect some p2p ports
> and
> > police traffic to these ports, but the traffic
> wasnt much,
>
> > one other thing is rate-limiting per ADSL
> customers IPs,
> but
> > that wasnt supported by management, so we thought
> of
> matching
> > ADSL www traffic and doing exceed action is
> transmit, and
> > police other IP traffic.
> >
> > Doing so on the ERX wasnt a nice experience, so
> we're
> > trying to do it on the cisco.
> >
> > Thanks
> >
> >
> >
>
>
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - 1GB free storage!
http://sg.whatsnew.mail.yahoo.com
|
|
|