[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: traffic control at input queue

> Hi, Folks:
> Currently we are doing a diffserv project using linux traffic control
> (with DiffServ patch).
> Suppose the edge router accepts traffic from some untrusted host that 
> outside of DiffServ Admin Domain, I would like to apply metering and
> police (according to SLA) at input queue of the edge router. But Linux
> traffic control can be applied only at output queue of the interface. 
> you have any idea ?
> My idea is that we can write a kernel module, which is registered to
> listen at NF_IP_PRE_ROUTING hook point in netfilter framework. 
> and police are implemented in this kernel module so that it could
> measure the incoming data rate and do corresponding actions (e.g.,
> drop). I am wondering if the kind of kernel module is already
> implemented. Please give me some pointer to it.

I have written a real-time classifier than is composed among the other 
things also by a meter (different from the one already in the kernel) 
and a SLA-handler.
There is a configuration file with which you can define a set of SLAs 
(DSCP oriented), es: ip/mask DSCP Bandwidth PolicyOver ... .
At the moment it is not implemented as a module and it is based on the 
kernel 2.2.14.
I am going to move it into a module and make it a little bit more 
smp-aware. I was thinking to try to add this classifier to the kernel 
distribution, but first I want to create the module and make it 2.4 
If you are interested in testing it (or only a part of it, like 
the SLA-handler) let me know. 


Christian Benvenuti
International Center for Theoretical Physics
Trieste, Italy