LISTSERV - SCIENTIFIC-LINUX-USERS Archives

SCIENTIFIC-LINUX-USERS Archives

October 2012

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-USERS Home
	SCIENTIFIC-LINUX-USERS October 2012

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Traffic shaping today
From:	Vladimir Mosgalin <[log in to unmask]>
Reply To:	Vladimir Mosgalin <[log in to unmask]>
Date:	Thu, 11 Oct 2012 19:18:59 +0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (53 lines)

Hi Henrique Junior!

 On 2012.10.11 at 09:23:33 -0300, Henrique Junior wrote next:

> >>> Hello, I'm doing some research about efficient ways of performing
> >>> traffic shaping in a network but all I can see is a lot of outdated
> >>> tools (wondershaper is from 2002, HTB from 2004) and CBQ is quite a bad
> >>> idea because it is "shaping" even transfers in my internal network (pc
> >>> to pc).
> >>> What are people using that is less than 8 year old and in active
> >>> development? Does anyone really compiled and successfully used
> >>> layer7-filter (for content filtering) in any RHEL 6 based system with
> >>> kernel 2.6.32? I know about ClearOS (Clear Foundation is the new
> >>> developer of layer7, but the last release of his layer7 is from 2009).
> >>>
> >>
> >> I use shorewall, although on Fedora. Very active list and developer.
> >>
> >
> > I use wshaper on some RHEL5 boxes but I don't think anything really
> > changed in RHEL6.
> >
> > Works as good today as it did 8 years ago :)
> >
> > Jeff
> >
> 
> Thanks for replying.
> I'm amazed to see that impressive projects (like layer-7) are stagnated or
> dead. Did we have any software to replace layer-7?

l7-filter works for me. I use latest version of userspace L7 filter
(with some patch IIRC). It does use more memory over time but it's not
unbearable, it can work for months nevertheless.

But it depends on task you need L7 filtering for. If it's just for
traffic shaping / QoS marks on certain kinds of traffic, it is possible,
but modern P2P protocols have adopted solutions to be mostly invisible
to this kind of filtering. Also, if you need L7 analyzing for something
else (say, load balancing), then userspace solutions simply don't cut.
There are some kernel solutions like Ultramonkey-L7
http://www.ultramonkey.info/, but I have no idea how good are they.

I'd say that L7 filtering solutions went out of fashion because most
people nowadays can't increase traffic shaping quality much by using
them, and these solutions aren't designed for more serious usage like
LB; I mean, I'd love to have fully working and supported L7 equivalent
of LVS (Linux Virtual Server), but it's just not here yet.

-- 

Vladimir

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV