Equis
Forum Veteran
Topic Author
Posts: 888
Joined: Mon Jun 06, 2005 6:48 am

Why Mark Connection?

Sat Aug 26, 2006 6:31 am

Hello

When we do shaping we mark the connection and then mark the packets.
What is the reason for marking the connection?

What happens with connectionless things like UDP?

Thanks :-)
Last edited by Equis on Sat Aug 26, 2006 3:07 pm, edited 1 time in total.
 
pekr
Member Candidate
Posts: 138
Joined: Tue Feb 22, 2005 9:05 pm
Location: Czech Republic

Sat Aug 26, 2006 2:32 pm

Well, that was the kind of question which bothered me too. Not sure if it is related to NAT (masquerading), but generally I think that you mark your connection just because of it. Then MT tracks the connection for you (correct me if I am wrong, please :-)

As you can see, your marked packets are just equal to your marked connections, so marking packets does not add anything for you. The thing is, when you look at the queue definition, you can add your "packet mark", not "connection mark".

So, my understanding is that marking the connection is just a helper to be able to properly mark packets.

One guy told me that it would be easier to do shaping without masquerading, and to insert one other router in front of your router, doing only masquerading. Can anyone confirm that NAT is generally complicating our situation here? :-)

Thanks,
Petr
 
Stryker777
Frequent Visitor
Posts: 71
Joined: Fri Jul 07, 2006 11:40 pm

Sat Aug 26, 2006 2:49 pm

Personally I only do connection marking then packet marking for P2P. By marking the connection of a P2P connection, I have less risk of them floating around my filters and queues.

For almost everything else I just mark packets.
 
sten
Forum Veteran
Posts: 920
Joined: Tue Jun 01, 2004 12:10 pm

Sat Aug 26, 2006 8:36 pm

If you mark a packet with a connection mark, connection tracking will remember the mark whenever the return/consecutive packet(s) in the stream come along. You mark a stream/connection once and connection marking will remember it until the stream/connection is gone from the connections table.

A packet mark is forgotten as soon as the packet exits the router.

The reason there are two different ones is that you might want to apply different policies to packets that belong to the same stream/connection.

UDP is connectionless but is considered a connection when UDP packets flow through the router and a return packet of that exact host/port combination is returned. The same goes for IP, but there is no port combination.

Thus you must mark peer2peer connections with a connection mark and then a packet mark based on the connection mark to apply queueing. Otherwise you would just apply queueing to a single packet in the stream/connection (and that wouldn't make for very good peer2peer shaping!)
Move along. Nothing to see here.
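
The behaviour discussed in this thread, as an added example that is not part of any original post and is not RouterOS code: a toy Python model of a connection table in which a classifier recognises only the opening packet of a flow. The classifier, the `P2P-HELLO` payload, the addresses and the mark names are constructed assumptions.

```python
"""Toy model: connection mark (stored per flow) vs packet mark (per packet)."""

conntrack = {}  # flow key -> {"mark": connection mark or None}

def flow_key(pkt):
    """Direction-independent key, so return packets hit the same entry.
    This is also how a UDP exchange becomes a 'connection'."""
    a = (pkt["src"], pkt["sport"])
    b = (pkt["dst"], pkt["dport"])
    return (pkt["proto"],) + tuple(sorted([a, b]))

def looks_like_p2p(pkt):
    """Hypothetical classifier: only the handshake packet is recognisable."""
    return pkt["payload"].startswith(b"P2P-HELLO")

def mangle(pkt, use_connection_mark):
    """Return the packet mark a queue would see for this packet."""
    entry = conntrack.setdefault(flow_key(pkt), {"mark": None})
    if use_connection_mark:
        # Rule 1: classify once and store the result on the table entry.
        if entry["mark"] is None and looks_like_p2p(pkt):
            entry["mark"] = "p2p_conn"
        # Rule 2: derive the packet mark from the remembered connection mark.
        return "p2p" if entry["mark"] == "p2p_conn" else None
    # Packet marking only: every packet must match the classifier itself.
    return "p2p" if looks_like_p2p(pkt) else None

def run(stream, use_connection_mark):
    """Pass a whole stream through the router, starting with an empty table."""
    conntrack.clear()
    return [mangle(p, use_connection_mark) for p in stream]

# Constructed sample: one UDP flow, handshake followed by data both ways.
A, B = "10.0.0.5", "203.0.113.9"
STREAM = [
    {"proto": "udp", "src": A, "sport": 40000, "dst": B, "dport": 6881,
     "payload": b"P2P-HELLO"},
    {"proto": "udp", "src": B, "sport": 6881, "dst": A, "dport": 40000,
     "payload": b"data"},
    {"proto": "udp", "src": A, "sport": 40000, "dst": B, "dport": 6881,
     "payload": b"data"},
]

if __name__ == "__main__":
    print("connection mark + packet mark:", run(STREAM, True))
    print("packet mark only:             ", run(STREAM, False))
```

With packet marking alone, only the handshake packet reaches the queue; the return and follow-up packets carry no mark.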