This topic contains 3 replies, has 0 voices, and was last updated by 
-
Posts
-
I seem to keep getting internal hosts that are either downloading large files, or games or something, and that packet size is huge, somewhere around 120-185 pkt/s, measured using ntop.
Is there a way to use tcp window shaping to delay these packets? Or perhaps if not, any plans to implement tcp window shaping in the future?
I think it would be beneficial to shape these large packets to prevent congestion, especially on lines that also contain voice/voip.
Using iptraf -> statistical breakdowns -> by packet size, with a host filter on, the host has most of its packets on the top end, towards the, 1351 to 1425, and 1426 to 1500 ranges. If there was a way to delay these packets, or classify them to be a lower priority amongst the other traffic on the same subnet.
Perhaps the Packet Length match or the Fragments in the classifier may help, not sure how to use it though?
Taken from here:
http://linux.die.net/man/8/iptablesThe TCP section, –mss, or the tcpmss, can control the size of the packet in each connection. So if a host is streaming some thing, that would be one constant connection from a remote host, and can be contained to a certain spacket size, i.e
Src: “Streaming Server” dst: Internal Host: –mss, state no more than (FW rule) x-size of packet for this conection, if too large, then DROP, or in the QoS section, if large than this, it gets this bandwidth, etc.
If you can find a way to mark the packets you want then you can shape them. However the option you have selected is not what you want (http://www.frozentux.net/iptables-tutorial/chunkyhtml/x2702.html#TCPMSSMATCH). I’d suggest to use this match instead http://www.frozentux.net/iptables-tutorial/chunkyhtml/x2702.html#LENGTHMATCH
Thanks. I’ll just have to play with iptraf more, get a better analysis of the traffic, and use the length match.
You must be logged in to reply to this topic.