On 01/07/2011 01:58, Pandu Poluan wrote:
> Another factor that made me re-think my setup is the 'strange'
> characteristics of traffic between my office and our
> brand-spankin'-new subsidiary office 14 floors below us: SSH is very
> nice, but any big file transfers (sftp, http, ftp, cifs, *anything*
> biggish) will run well only for the first 10 seconds or so, before
> slowing to a crawl (and even managed to make WinSCP complain of 'no
> response for 15 seconds'). But the pings have no dropped packets at
> all.

With respect to this particular syndrome, I have found the approach
described here to be extraordinarily effective:-

http://blog.edseek.com/~jasonb/articles/traffic_shaping/scenarios.html

At the time of writing, the link appears to be down but you should be able
to access it via Google's cache.

Also, check out the tosfix() function in FireHOL, which demonstrates the
above implementation (and happens to be the best iptables wrapper,
imho). There's an ebuild in portage but I would advise that you
supplement it by grabbing the latest instance of the "firehol.sh" script
from upstream CVS.

Cheers,

--Kerin