Tuesday, January 08, 2008

Drops in Buckets
Ugh. I've spent the last two days deep in the bowels of traffic control and shaping theory. Since I've declared myself the Networks and Systems office at work (which is just as well, since I'd have had to do everything anyway), it's my responsibility to make sure that things work right. And so I've been working on putting together the egress shaping for the network. We're down to less than half of what we used to have (about half down and a third up, I think) and twice as many people, so the Internet at work isn't exactly quick on its feet. When your job involves SSH, this becomes painful. So I implemented QoS over the past couple days. (This next part won't make any sense to the nontechnomancers out there, so feel free to stop reading here. If anybody has questions about getting this sort of a configuration to work, let me know, I'll try to answer them as best I can.)

I spent today learning that only the outermost connection (the PPPoE one, in our current case) gets filtered, so putting my queueing disciplines on eth0 wasn't doing me any good (eth0 being the ethernet jack going to the DSL modem). Once I got everything looking at ppp0 (the DSL PPPoE connection itself) it started to actually work. SSH is better, having its packets put in a much higher priority than most of the traffic that flies through the network. I'm still trying to sort out the optimum configuration, but the one I'm using isn't too bad. It's based on hierarchical token buckets (htb), with stochastic fairness queueing (sfq) at the bottom of each bucket making sure the packets are handed out fairly at each priority level. The big question for me is where to put VNC connections, a question that should hopefully be answered tomorrow. It's effectively a six-bucket system, where the top bucket is just for overhead packets, hopefully to prevent the entire network from bogging down when things get busy; the second one for low-latency work like SSH; the next for "interactive" traffic (website requests and the like); then non-interactive traffic (UDP, and currently where our VNC connections are sitting); then bulk traffic (things like SCP and FTP); and finally a bucket for unrecognized packets and services. There's enough traffic going through that last bucket that I'm concerned -- I'm doing some network profiling to see if I can't figure out what all that traffic is. The hierarchy is processed in that order. Everything looks like it's going more or less smoothly at the moment, so I'm excited.
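
An added example, not the post's own configuration, of the six-bucket layout described above written as a tc script: an HTB root on ppp0 (the outermost interface, not eth0), one leaf class per bucket with an SFQ qdisc underneath, and u32 filters sorting packets by protocol, port and TOS bits (interactive ssh sets TOS lowdelay, scp sets TOS throughput, which is how the two are told apart on the same port). The uplink rate, per-class percentages, port list and ACK-matching rule are assumptions, since the post gives none of them; set TC=echo to preview the commands without root.

```shell
#!/bin/sh
# Added example: six-class HTB egress shaper; rates and ports are assumed.
TC="${TC:-tc}"   # TC=echo prints the commands instead of applying them

shape_egress() {
    dev="$1"      # outermost interface: ppp0, not eth0
    up="$2"       # total uplink in kbit, set a little below the real line rate
    # Wipe any previous configuration on the device (ignore "no qdisc" error)
    $TC qdisc del dev "$dev" root 2>/dev/null
    # Root HTB; anything no filter claims lands in class 1:60
    $TC qdisc add dev "$dev" root handle 1: htb default 60
    $TC class add dev "$dev" parent 1: classid 1:1 htb rate "${up}kbit" ceil "${up}kbit"
    # Six leaf classes: "classid percent-of-uplink prio"; prio 0 is served first,
    # and every class may borrow up to the full uplink when it is idle elsewhere
    for spec in "10 10 0" "20 20 1" "30 25 2" "40 15 3" "50 20 4" "60 10 5"; do
        set -- $spec
        rate=$(( up * $2 / 100 ))
        $TC class add dev "$dev" parent 1:1 classid "1:$1" htb rate "${rate}kbit" ceil "${up}kbit" prio "$3"
        # SFQ leaf: fair sharing between flows inside each bucket
        $TC qdisc add dev "$dev" parent "1:$1" handle "$1:" sfq perturb 10
    done
    f="$TC filter add dev $dev parent 1: protocol ip"
    # 1:10 overhead: ICMP and bare TCP ACKs (tiny packets that keep downloads flowing)
    $f prio 1 u32 match ip protocol 1 0xff flowid 1:10
    $f prio 1 u32 match ip protocol 6 0xff match u8 0x05 0x0f at 0 \
        match u16 0x0000 0xffc0 at 2 match u8 0x10 0xff at 33 flowid 1:10
    # 1:20 low latency: interactive ssh marks its packets TOS lowdelay (0x10)
    $f prio 2 u32 match ip tos 0x10 0xff flowid 1:20
    # 1:30 interactive: web requests
    $f prio 3 u32 match ip dport 80 0xffff flowid 1:30
    $f prio 3 u32 match ip dport 443 0xffff flowid 1:30
    # 1:40 non-interactive: VNC plus all remaining UDP
    $f prio 4 u32 match ip dport 5900 0xffff flowid 1:40
    $f prio 4 u32 match ip protocol 17 0xff flowid 1:40
    # 1:50 bulk: scp marks TOS throughput (0x08); FTP control and data ports
    $f prio 5 u32 match ip tos 0x08 0xff flowid 1:50
    $f prio 5 u32 match ip dport 21 0xffff flowid 1:50
    $f prio 5 u32 match ip dport 20 0xffff flowid 1:50
    # everything else falls through to 1:60 via "default 60"
}
```

Run `shape_egress ppp0 350` as root to apply it; `tc -s class show dev ppp0` then shows per-bucket counters, which is the quickest way to see how much is really landing in the unrecognized class.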

I'm going back to Flash development tomorrow... In some ways, it's nice to get a break from the low level networking stuff, but I'm not exactly overjoyed to be stuck working on the Flash horror more, even if it does need to be done. *sigh*
