From: Rich Brown <richb.hanover@gmail.com>
To: "Jesper Dangaard Brouer" <brouer@redhat.com>,
"Toke Høiland-Jørgensen" <toke@toke.dk>
Cc: bloat@lists.bufferbloat.net
Subject: Re: [Bloat] Can't Run Tests Against netperf.bufferbloat.net
Date: Sat, 8 Feb 2020 17:35:22 -0500
Message-ID: <5B290AD9-1398-4897-97F0-1CA0AA48B522@gmail.com>
In-Reply-To: <20200207130202.5fb87763@carbon>

Toke and Jesper,

Thanks both for these responses.

netperf.bufferbloat.net is running an OpenVZ VPS with a 3.10 kernel. Tech support at Ramnode tells me that I need to get to a KVM instance in order to use ipset and other fancy kernel stuff.

Here's my plan:

1) Unless anyone can recommend a better hosting service ...

2) Over the weekend, I'll stand up a new KVM server at Ramnode. They offer a 2GB RAM, 2 core, 65 GB SSD, with 3TB per month of data. It'll cost $10/month: adding 2x1TB at $4/month brings it to a total of $18/month, about what the current server costs. I can get Ubuntu 18.04 LTS as a standard install.

3) While that's in-flight I would request that an iptables expert on the list recommend a better strategy. (I was just makin' stuff up in the current setup - as you could tell :-)

4) I'd also accept any thoughts about tc commands for setting up the networking on the host to work best as a netperf server. (Maybe enable fq_codel or better...)

Thanks

Rich

> On Feb 7, 2020, at 7:02 AM, Jesper Dangaard Brouer <brouer@redhat.com> wrote:
>
> On Thu, 6 Feb 2020 18:47:06 -0500
> Rich Brown <richb.hanover@gmail.com> wrote:
>
>>> On Feb 6, 2020, at 12:00 PM, Matt Taggart wrote:
>>>
>>> This smells like a munin or smokeping plugin (or some other sort of
>>> monitoring) gathering data for graphing.
>>
>> Yup. That is a real possibility. The question is what we do about it.
>>
>> If I understood, we left it at:
>>
>> 1) Toke was going to look into some way to spread the
>> 'netperf.bufferbloat.net' load across several of our netperf servers.
>>
>> 2) Can someone give me advice about iptables/tc/? to identify IP
>> addresses that make "too many" connections and either shut them off
>> or dial their bandwidth back to a 3 or 5 kbps?
>
> Look at man iptables-extensions and find "connlimit" and "recent".
>
>
>> (If you're terminally curious, Line 5 of
>> https://github.com/richb-hanover/netperfclean/blob/master/addtoblacklist.sh
>> shows the current iptables command to drop connections from "heavy
>> users" identified in the findunfilteredips.sh script. You can read
>> the current iptables rules at:
>> https://github.com/richb-hanover/netperfclean/blob/master/iptables.txt)
>
> Sorry but this is a wrong approach. Creating an iptables rule per
> source IP-address, will (as you also demonstrate) give you a VERY long
> list of rules (which is evaluated sequentially by the kernel).
>
> This should instead be solved by using an ipset (howto a match from
> iptables see man iptables-extensions(8) and "set"). And use the
> cmdline tool ipset to add and remove entries.
>
> --
> Best regards,
> Jesper Dangaard Brouer
> MSc.CS, Principal Kernel Engineer at Red Hat
> LinkedIn: http://www.linkedin.com/in/brouer
>
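
The approach recommended in the quoted reply (one ipset matched by a single iptables "set" rule, with entries managed through the ipset tool instead of one rule per source address), as an added example that is not part of the thread or of the netperfclean repository. The set name, the one-day timeout and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Set name, timeout and sample addresses
# are constructed; 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges.
SET_NAME="netperf_heavy"   # hypothetical set name
TIMEOUT=86400              # assumption: entries expire after one day

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Read one address per line on stdin and print an "ipset restore" batch:
# duplicates collapsed, invalid entries reported on stderr and skipped.
build_batch() {
    echo "create $SET_NAME hash:ip family inet timeout $TIMEOUT"
    LC_ALL=C sort -u | while IFS= read -r ip; do
        if is_ipv4 "$ip"; then
            echo "add $SET_NAME $ip"
        elif [ -n "$ip" ]; then
            echo "skipping invalid entry: $ip" >&2
        fi
    done
}

# Load the batch and make sure exactly one rule references the set (needs root).
apply_blocklist() {
    build_batch | ipset -exist restore
    iptables -C INPUT -m set --match-set "$SET_NAME" src -j DROP 2>/dev/null ||
        iptables -I INPUT -m set --match-set "$SET_NAME" src -j DROP
}

if [ "${1:-}" = "--apply" ]; then
    apply_blocklist          # addresses come from stdin
else
    # Dry run on constructed input: show the batch without touching the kernel.
    printf '%s\n' 192.0.2.10 198.51.100.7 192.0.2.10 999.1.1.1 | build_batch
fi
```

The rule count stays at one however many addresses the set holds; single entries can afterwards be added or removed with `ipset add` and `ipset del`.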