| 1 |
On 01/07/2011 01:58, Pandu Poluan wrote: |
| 2 |
> Another factor that made me re-think my setup is the 'strange' |
| 3 |
> characteristics of traffic between my office and our |
| 4 |
> brand-spankin'-new subsidiary office 14 floors below us: SSH is very |
| 5 |
> nice, but any big file transfers (sftp, http, ftp, cifs,*anything* |
| 6 |
> biggish) will run well only for the first 10 seconds or so, before |
| 7 |
> slowing to a crawl (and even managed to make WinSCP complaining of 'no |
| 8 |
> response for 15 seconds'). But the ping's have no dropped packets at |
| 9 |
> all. |
| 10 |
|
| 11 |
With respect to this particular syndrome, I have found the approach |
| 12 |
described here to be extraordinarily effective:- |
| 13 |
|
| 14 |
http://blog.edseek.com/~jasonb/articles/traffic_shaping/scenarios.html |
| 15 |
|
| 16 |
At the time of writing, the link appears to be down but you should able |
| 17 |
to access it via Google's cache. |
| 18 |
|
| 19 |
Also, check out the tosfix() function in FireHOL, which demonstrates the |
| 20 |
above implementation (and happens to be the best iptables wrapper, |
| 21 |
imho). There's an ebuild in portage but I would advise that you |
| 22 |
supplement it by grabbing the latest instance of the "firehol.sh" script |
| 23 |
from upstream CVS. |
| 24 |
|
| 25 |
Cheers, |
| 26 |
|
| 27 |
--Kerin |
Archives