Could iptables control traffic by inspecting layer-7 information?

As someone suggested, bandwidth allocation could be done with TCP protocol control (ACK dropping or so); how can we do that? NBAR only limits the bandwidth, and in our experience with the Cisco 7609 it costs a lot of CPU time! Where can I find QoS experiment results and a sample configuration for the ERX14xx?

Joe

--- Ejay Hire <[EMAIL PROTECTED]> wrote:

> Hello.
>
> Going back to your original question, how to keep from saturating the network with residential users using bittorrent/edonkey et al, while suffocating business customers. Here goes.
>
> Netfilter/IpTables (and a slew of commercial products I'm sure) has a Layer 7 traffic classifier, meaning it can identify specific file transfer applications and set a DiffServ bit. This means it can tell between a real http request and an edonkey transfer, even if they are both using http. It also has rate-limiting capability. So... If you pass all of the traffic destined for your DSL customers through an iptables box (single point of failure) then you can classify and rate-limit the downstream rate on a per-application basis.
>
> Fwiw, if you are using diffserv bits, you could push the rate-limits down to the router with a qos policy in it instead of doing it all in the iptables box.
>
> References on this.. The netfilter website (for classification info) and the Linux advanced router tools (LART) (qos info/rate limiting)
>
> -e
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kim Onnel
> > Sent: Thursday, December 01, 2005 3:26 AM
> > To: NANOG
> > Subject: Re: QoS for ADSL customers
> >
> > Can anyone please suggest to me any commercial or non-commercial solution to cap the download stream traffic? Our upstream will not receive marked traffic from us, so what can be done?
> >
> > On 11/29/05, Kim Onnel <[EMAIL PROTECTED]> wrote:
> > > Hello everyone,
> > >
> > > We have a Juniper ERX as BRAS for ADSL. Its GigE interface is on an old Cisco 3508 switch with an old IOS; its gateway to the internet is a 7609. Our transit internet links terminate on GigE and FlexWAN on the 7600.
> > >
> > > The links are now almost always fully utilized; we want to do some QoS to cap our ADSL downstream, to give room for the corporate customers' traffic to flow without pain.
> > >
> > > I'm here to collect ideas, comments, advice and experiences for such situations.
> > >
> > > Our humble approach was to collect some P2P ports and police traffic to these ports, but the traffic wasn't much. One other thing is rate-limiting per ADSL customer IP, but that wasn't supported by management, so we thought of matching ADSL www traffic with an exceed action of transmit, and policing other IP traffic.
> > >
> > > Doing so on the ERX wasn't a nice experience, so we're trying to do it on the Cisco.
> > >
> > > Thanks
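Ejay's iptables suggestion, carried through as an added example that is not from the thread: the layer7 match (provided by the l7-filter patch to netfilter, not stock iptables) classifies P2P flows, the DSCP target marks them, and tc's HTB caps the marked class on the customer-facing interface. The interface name, rates and DSCP value are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Interface, rates and DSCP are assumptions.
# Usage: DRY_RUN=1 sh shape.sh apply  (print the commands)   sh shape.sh apply  (install)

DSL_IF=${DSL_IF:-eth1}            # interface towards the BRAS / ADSL customers
LINK_RATE=${LINK_RATE:-900mbit}   # total downstream capacity being shaped
OTHER_RATE=${OTHER_RATE:-700mbit} # floor for everything that is not P2P
P2P_RATE=${P2P_RATE:-200mbit}     # guaranteed share for P2P
P2P_CEIL=${P2P_CEIL:-400mbit}     # P2P may borrow up to this when the link is idle
P2P_DSCP=${P2P_DSCP:-8}           # DSCP CS1 "scavenger"; TOS byte = DSCP << 2

# Echo instead of executing when DRY_RUN is set, so rules can be reviewed first.
run() { if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi; }

# Step 1: classification in the mangle table. layer7 inspects the first packets
# of a connection and then matches every packet of that flow regardless of port,
# so P2P carried over HTTP is still caught. The DSCP target writes the mark into
# the IP header, so a downstream router with a QoS policy can act on it too.
classify_p2p() {
    for proto in bittorrent edonkey gnutella; do
        run iptables -t mangle -A FORWARD -o "$DSL_IF" \
            -m layer7 --l7proto "$proto" -j DSCP --set-dscp "$P2P_DSCP"
    done
}

# Step 2: shaping. One HTB root, a default class for normal traffic and a
# capped class that a u32 filter selects on the DSCP bits of the TOS byte.
shape_p2p() {
    tos=$(printf '0x%02x' $((P2P_DSCP << 2)))
    run tc qdisc del dev "$DSL_IF" root 2>/dev/null
    run tc qdisc add dev "$DSL_IF" root handle 1: htb default 10
    run tc class add dev "$DSL_IF" parent 1: classid 1:1 htb rate "$LINK_RATE"
    run tc class add dev "$DSL_IF" parent 1:1 classid 1:10 htb \
        rate "$OTHER_RATE" ceil "$LINK_RATE"
    run tc class add dev "$DSL_IF" parent 1:1 classid 1:20 htb \
        rate "$P2P_RATE" ceil "$P2P_CEIL"
    run tc filter add dev "$DSL_IF" parent 1: protocol ip prio 1 u32 \
        match ip tos "$tos" 0xfc flowid 1:20
}

if [ "${1:-}" = "apply" ]; then
    classify_p2p
    shape_p2p
fi
```

The shaping applies only to traffic that actually transits this box, which is the single point of failure Ejay mentions; the DSCP mark survives onto the router, so the tc part can be replaced by a router QoS policy keyed on CS1.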