TCP Window Shaping

This topic contains 3 replies, has 0 voices, and was last updated by  AtroposX 8 years, 9 months ago.

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • #42460

    AtroposX
    Member

    I seem to keep getting internal hosts that are either downloading large files, or games or something, and that packet size is huge, somewhere around 120-185 pkt/s, measured using ntop.

    Is there a way to use tcp window shaping to delay these packets? Or perhaps if not, any plans to implement tcp window shaping in the future?

    I think it would be beneficial to shape these large packets to prevent congestion, especially on lines that also contain voice/voip.

    Using iptraf -> statistical breakdowns -> by packet size, with a host filter on, the host has most of its packets on the top end, towards the, 1351 to 1425, and 1426 to 1500 ranges. If there was a way to delay these packets, or classify them to be a lower priority amongst the other traffic on the same subnet.

    #50538

    AtroposX
    Member

    Perhaps the Packet Length match or the Fragments in the classifier may help, not sure how to use it though?

    #50539

    AtroposX
    Member

    Taken from here:
    http://linux.die.net/man/8/iptables

    The TCP section, –mss, or the tcpmss, can control the size of the packet in each connection. So if a host is streaming some thing, that would be one constant connection from a remote host, and can be contained to a certain spacket size, i.e

    Src: “Streaming Server” dst: Internal Host: –mss, state no more than (FW rule) x-size of packet for this conection, if too large, then DROP, or in the QoS section, if large than this, it gets this bandwidth, etc.

    #50540

    ppalias
    Member

    If you can find a way to mark the packets you want then you can shape them. However the option you have selected is not what you want (http://www.frozentux.net/iptables-tutorial/chunkyhtml/x2702.html#TCPMSSMATCH). I’d suggest to use this match instead http://www.frozentux.net/iptables-tutorial/chunkyhtml/x2702.html#LENGTHMATCH

    #50541

    AtroposX
    Member

    Thanks. I’ll just have to play with iptraf more, get a better analysis of the traffic, and use the length match.

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.