From: Rich Brown
Date: Sat, 8 Feb 2020 17:35:22 -0500
To: Jesper Dangaard Brouer, Toke Høiland-Jørgensen
Cc: bloat@lists.bufferbloat.net
Subject: Re: [Bloat] Can't Run Tests Against netperf.bufferbloat.net
List-Id: General list for discussing Bufferbloat

Toke and Jesper,

Thanks both for these responses.

netperf.bufferbloat.net is running an OpenVZ VPS with a 3.10 kernel.
Tech support at Ramnode tells me that I need to get to a KVM instance in
order to use ipset and other fancy kernel stuff.

Here's my plan:

1) Unless anyone can recommend a better hosting service ...

2) Over the weekend, I'll stand up a new KVM server at Ramnode. They
offer a 2GB RAM, 2 core, 65 GB SSD, with 3TB per month of data. It'll
cost $10/month: adding 2x1TB at $4/month brings it to a total of
$18/month, about what the current server costs. I can get Ubuntu 18.04
LTS as a standard install.

3) While that's in-flight I would request that an iptables expert on the
list recommend a better strategy.
(I was just makin' stuff up in the current setup - as you could tell :-)

4) I'd also accept any thoughts about tc commands for setting up the
networking on the host to work best as a netperf server. (Maybe enable
fq_codel or better...)

Thanks

Rich

> On Feb 7, 2020, at 7:02 AM, Jesper Dangaard Brouer wrote:
>
> On Thu, 6 Feb 2020 18:47:06 -0500
> Rich Brown wrote:
>
>>> On Feb 6, 2020, at 12:00 PM, Matt Taggart wrote:
>>>
>>> This smells like a munin or smokeping plugin (or some other sort of
>>> monitoring) gathering data for graphing.
>>
>> Yup. That is a real possibility. The question is what we do about it.
>>
>> If I understood, we left it at:
>>
>> 1) Toke was going to look into some way to spread the
>> 'netperf.bufferbloat.net' load across several of our netperf servers.
>>
>> 2) Can someone give me advice about iptables/tc/? to identify IP
>> addresses that make "too many" connections and either shut them off
>> or dial their bandwidth back to a 3 or 5 kbps?
>
> Look at man iptables-extensions and find "connlimit" and "recent".
>
>
>> (If you're terminally curious, Line 5 of
>> https://github.com/richb-hanover/netperfclean/blob/master/addtoblacklist.sh
>> shows the current iptables command to drop connections from "heavy
>> users" identified in the findunfilteredips.sh script. You can read
>> the current iptables rules at:
>> https://github.com/richb-hanover/netperfclean/blob/master/iptables.txt)
>
> Sorry but this is a wrong approach. Creating an iptables rule per
> source IP-address, will (as you also demonstrate) give you a VERY long
> list of rules (which is evaluated sequentially by the kernel).
>
> This should instead be solved by using an ipset (howto a match from
> iptables see man iptables-extensions(8) and "set"). And use the
> cmdline tool ipset to add and remove entries.
>
> --
> Best regards,
> Jesper Dangaard Brouer
> MSc.CS, Principal Kernel Engineer at Red Hat
> LinkedIn: http://www.linkedin.com/in/brouer
>
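
The ipset approach Jesper describes, as an added example that is not part of the thread and not code from the netperfclean repository: it turns a list of heavy-user addresses into one `ipset restore` script and a single `set`-match rule, where the current setup needs one iptables rule per address. The set name, the timeout and the sample addresses are assumptions, and the script only prints what it would load.

```shell
#!/bin/sh
# Added example, not from netperfclean. SET_NAME, TIMEOUT and the sample
# addresses (RFC 5737 documentation ranges) are assumptions.
SET_NAME=heavy_users
TIMEOUT=86400   # seconds before an entry expires from the set

# Read one IPv4 address per line on stdin; print an "ipset restore" script.
# Comments, blank lines, malformed addresses and duplicates are skipped.
build_restore() {
    printf 'create %s hash:ip family inet timeout %s\n' "$SET_NAME" "$TIMEOUT"
    awk -v name="$SET_NAME" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            ip = $1
            n = split(ip, o, ".")
            ok = (n == 4)
            for (i = 1; ok && i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) ok = 0
            if (ok && !seen[ip]++) print "add " name " " ip
        }'
}

# The one rule that replaces the per-address DROP rules: a single hash
# lookup per packet, however many addresses the set holds.
drop_rule() {
    printf 'iptables -I INPUT -m set --match-set %s src -j DROP\n' "$SET_NAME"
}

# Constructed sample input standing in for the heavy-user list.
sample_ips() {
    cat <<'EOF'
# heavy users (constructed)
192.0.2.10
198.51.100.7
192.0.2.10
203.0.113.999
not-an-ip
EOF
}

# Dry run: print what would be loaded. To apply as root on the KVM host:
#   sample_ips | build_restore | ipset -exist restore
#   then run the command printed by drop_rule
sample_ips | build_restore
drop_rule
```

Entries age out on their own through the set's timeout, and `ipset add` / `ipset del` change the set without touching the iptables ruleset.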