June 24, 2010 at 1:57 pm #42460
I seem to keep getting internal hosts that are either downloading large files, or games or something, and that packet size is huge, somewhere around 120-185 pkt/s, measured using ntop.
Is there a way to use tcp window shaping to delay these packets? Or perhaps if not, any plans to implement tcp window shaping in the future?
I think it would be beneficial to shape these large packets to prevent congestion, especially on lines that also contain voice/voip.
Using iptraf -> statistical breakdowns -> by packet size, with a host filter on, the host has most of its packets on the top end, towards the 1351 to 1425 and 1426 to 1500 ranges. If there was a way to delay these packets, or classify them to be a lower priority amongst the other traffic on the same subnet.
June 24, 2010 at 2:45 pm #50538
Perhaps the Packet Length match or the Fragments in the classifier may help, not sure how to use it though?
June 24, 2010 at 3:14 pm #50539
Taken from here:
The TCP section, --mss, or the tcpmss, can control the size of the packet in each connection. So if a host is streaming something, that would be one constant connection from a remote host, and can be contained to a certain packet size, i.e.
Src: “Streaming Server” dst: Internal Host: --mss, state no more than (FW rule) x-size of packet for this connection, if too large, then DROP, or in the QoS section, if larger than this, it gets this bandwidth, etc.
June 24, 2010 at 10:47 pm #50540 ppalias Member
If you can find a way to mark the packets you want then you can shape them. However the option you have selected is not what you want (http://www.frozentux.net/iptables-tutorial/chunkyhtml/x2702.html#TCPMSSMATCH). I’d suggest using this match instead: http://www.frozentux.net/iptables-tutorial/chunkyhtml/x2702.html#LENGTHMATCH
June 25, 2010 at 3:27 pm #50541
Thanks. I’ll just have to play with iptraf more, get a better analysis of the traffic, and use the length match.
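The mark-then-shape approach suggested in this thread, sketched as an added example that is not part of the original posts: the iptables length match marks near-MTU packets headed to one internal host, and a tc fw filter steers the marked packets into a low-priority HTB class. The interface name, host address, mark value and rates are assumptions; the 1351:1500 range comes from the iptraf buckets quoted above.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed values: LAN-facing interface
# eth1, internal host 192.168.1.50, firewall mark 20, 10mbit link.
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands, 0 = execute them (needs root)

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# shape_large_packets DEV HOST MIN_LEN MAX_LEN MARK
shape_large_packets() {
    dev="$1"; host="$2"; min="$3"; max="$4"; mark="$5"

    # Validate numeric arguments before touching the firewall or qdiscs.
    for n in "$min" "$max" "$mark"; do
        case "$n" in
            ''|*[!0-9]*) echo "not a number: '$n'" >&2; return 1 ;;
        esac
    done
    [ "$min" -le "$max" ] || { echo "min length exceeds max" >&2; return 1; }

    # 1. Mark forwarded packets to the host whose length falls in MIN..MAX.
    #    This is the length match, not tcpmss (which only inspects the MSS
    #    option carried in SYN packets).
    run iptables -t mangle -A FORWARD -d "$host" \
        -m length --length "$min:$max" -j MARK --set-mark "$mark"

    # 2. HTB tree on the egress interface: 1:10 is the default class,
    #    1:20 is a low-priority class that may borrow idle bandwidth.
    run tc qdisc add dev "$dev" root handle 1: htb default 10
    run tc class add dev "$dev" parent 1: classid 1:1 htb rate 10mbit
    run tc class add dev "$dev" parent 1:1 classid 1:10 htb rate 9mbit ceil 10mbit prio 0
    run tc class add dev "$dev" parent 1:1 classid 1:20 htb rate 1mbit ceil 10mbit prio 7

    # 3. Send packets carrying the firewall mark to the low-priority class.
    run tc filter add dev "$dev" parent 1: protocol ip handle "$mark" fw flowid 1:20
}

# Stand-alone use: ./shape.sh eth1 192.168.1.50 1351 1500 20
if [ "$#" -eq 5 ]; then shape_large_packets "$@"; fi
```

With the default `DRY_RUN=1` the script only prints the commands, so the rule set can be reviewed before it is applied with `DRY_RUN=0`.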