On 01/07/2011 01:58, Pandu Poluan wrote:
> Another factor that made me re-think my setup is the 'strange'
> characteristics of traffic between my office and our
> brand-spankin'-new subsidiary office 14 floors below us: SSH is very
> nice, but any big file transfers (sftp, http, ftp, cifs, *anything*
> biggish) will run well only for the first 10 seconds or so, before
> slowing to a crawl (and even managed to make WinSCP complain of 'no
> response for 15 seconds'). But the pings have no dropped packets at
> all.
With respect to this particular syndrome, I have found the approach
described here to be extraordinarily effective:-
http://blog.edseek.com/~jasonb/articles/traffic_shaping/scenarios.html
At the time of writing, the link appears to be down but you should be able
to access it via Google's cache.
Also, check out the tosfix() function in FireHOL, which demonstrates the
above implementation (and happens to be the best iptables wrapper,
imho). There's an ebuild in portage but I would advise that you
supplement it by grabbing the latest instance of the "firehol.sh" script
from upstream CVS.
Cheers,
--Kerin