[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: traffic control at input queue
> Hi, Folks:
> Currently we are doing a diffserv project using linux traffic control
> (with DiffServ patch).
> Suppose the edge router accepts traffic from some untrusted host that
> outside of DiffServ Admin Domain, I would like to apply metering and
> police (according to SLA) at input queue of the edge router. But Linux
> traffic control can be applied only at output queue of the interface.
> you have any idea ?
> My idea is that we can write a kernel module, which is registered to
> listen at NF_IP_PRE_ROUTING hook point in netfilter framework.
> and police are implemented in this kernel module so that it could
> measure the incoming data rate and do corresponding actions (e.g.,
> drop). I am wondering if the kind of kernel module is already
> implemented. Please give me some pointer to it.
I have written a real-time classifier than is composed among the other
things also by a meter (different from the one already in the kernel)
and a SLA-handler.
There is a configuration file with which you can define a set of SLAs
(DSCP oriented), es: ip/mask DSCP Bandwidth PolicyOver ... .
At the moment it is not implemented as a module and it is based on the
I am going to move it into a module and make it a little bit more
smp-aware. I was thinking to try to add this classifier to the kernel
distribution, but first I want to create the module and make it 2.4
If you are interested in testing it (or only a part of it, like
the SLA-handler) let me know.
International Center for Theoretical Physics