hi I would like to ask is the following config correct for what I want to
achieve ...
Scenario:
I have 3 networks 192.168.12.0/24, 192.168.48.0/24, 192.168.56.0/24 and most
of the users use 1 IP, some of them more...
If I make flat u32-filter search the box will make aprox/max 3 * 256 = 768
checks for every IP, so i''m deciding to deploy u32 hashes..
Here is the config I think to use (i''m ommiting some of the filter
syntax for simplicity) :
protocol ip u32
#what is the divisor meaning !?
handle 5: protocol ip u32 divisor 256
u32 ht 800::
match ip src 192.168.12.0/24
match ip src 192.168.48.0/24
match ip src 192.168.56.0/24
#13 is the third octet in the IP address isnt ''it
hashkey mask 0x000000ff at 13
link 5:
# c => 12 ,
u32 ht 5:c: match ip src 192.168.12.1 flowid 1:1
u32 ht 5:c: match ip src 192.168.12.2 flowid 1:2
.....
# 30 => 48
u32 ht 5:30: match ip src 192.168.48.1 flowid 1:257
u32 ht 5:30: match ip src 192.168.48.2 flowid 1:258
......
#38 => 56
u32 ht 5:38: match ip src 192.168.56.1 flowid 1:513
..................
If that is OK, then my next question comes in :").. if I know how much
networks I will support with a given
qos-box to calculate the best possible variant how to subdivide filters.. I mean
it will be better if I
divide them not by class-C but on smaller group...Lets make some calculations :
I expect to handle maximum 10 class C networks with one box. This means that if
the checks are divided
by class-C (like above) the max number of check would be (calculations are
aproximate so that they are
easy for understanding) :
class-C ===> 10 + 256 = 267 checks
If I divide the check for every 128 ip''s now first level checks goes
from 10 --> 20
128 ip''s level1 ===> 20 + 128 = 148
next....
64 ip''s level1 ===> 40 + 64 = 104
next .....
32 ip''s level1 ===> 80 + 32 = 112
From the calculation is seen that for my scenario of 10 class-C nets the best
will be to divide the checks
per 64 ip''s.
So my question is how TO DO IT ? i.e. make the hash check in a way to compare
sub-nets ? example pls ?
I have to change the
hashkey mask 0x000000ff at 13
to :
hashkey mask 0x000000XX at 13 :"), fill in..
For those that dont see reason for doing this, one more calculation :
10 class-C nets * 256 ips = 2560 checks
so in the simple classC scenario we have 10 fold speed up, and for the 64 ips -
25 times faster....
Subquestion : is there a way to see exactly which subsystem takes what cpu time,
on the top/atop
output we see just the total SYSTEM cpu time but now how it is divided by the
net framework..
if we have such info we will know how to tune the system better ?!
tia
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/