On Sun, 2007-01-07 at 11:00 +0100, Timo Benk wrote:
> Tim Post wrote:
> > On Sun, 2007-01-07 at 10:23 +0100, Timo Benk wrote:
> >> Ligesh wrote:
> >>> Btw, I would prefer a simplified version, just to limit the incoming
> >>> and
> >>> outgoing traffics. Nothing else.
> >> :-) Well, shaping in- and outgoing traffic is not simple with Xen and tc
> >> :-)
> >>
> >> I will share the idea, explaining the whole setup is far beyond a
> >> single posting.
> >
> > Would be a small book, actually :)
> Indeed :-)
>
> > And a handy place to stick SNORT and others. I've tried this kind of
> > setup but it's been 'choppy' at best. I'm also rather new to ebtables,
> > I'm assuming you would use ebtables to craft this, do you have some
> > scripts that you'd like to share?
> Why choppy? It works on my side. BTW, no ebtables is needed to achieve
> traffic shaping. You can stick your tc rules inside Dom0 at the
> vif-Interfaces of the gateway domain. It is nothing more than tc-magic ;-)
>
ebtables + tc seemed to be producing the best results for others
according to the research I did, so that's the route I've been going.
When I/O on the guests is normal / nominal there is no degradation of
network performance; however, when they really begin accessing and
working their VBDs, networking gets .. 'choppy' for lack of a simpler
description. This is not the case when I use plain old bridged
networking on dom-0 without trying to pass through an appliance.
Choppy refers to latency, obviously; it seems like the guests are behind
an overworked load balancer.
These are my bridge settings [in and out] on the appliance guest:
bridge_fd 0
bridge_maxwait 0
bridge_helo 0
bridge_stp off
I'm not assigning priority weights to any of the bridges as it's a pass
thru setup where all are equally important.
Am I going wrong somewhere?
Thanks :)
--Tim
> Greetings,
> -timo
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users