PF + ALTQ - Bandwidth per customer
Stanislav Sedov
stas at FreeBSD.org
Sat Dec 13 11:15:39 PST 2008
On Sat, 13 Dec 2008 05:29:15 -0800 (PST)
David Roseman <david_5073 at yahoo.com> mentioned:
> Well, have you run tcpdump on a network with 200Mb/s? The function is
> performed in the kernel, so it's a lot more efficient than tcpdump.
>
> The monitor sorts by usage, so you can see which connection, IP or MAC
> is using the most traffic. When you're getting DOS attacked or have a worm
> you can find your problems instantly. It doesn't show each packet; it
> provides a listing of each connection, sorted from high to low usage. You
> can also use rules as filters, so you can quickly create complex filters.
>
> Turning tcpdump on a production shaper isn't an option.
>
I don't run any shapers, but I successfully used tcpdump home-grown
scripts to do exactly the same things on a production border router
passing more than 600 Mb/s on a single interface. BTW, bpf filters ran
inside kernel entirely.
But I see your point. The solution looks interesting. I wonder if they're
using local kernel hacks or specific netgraph module?
--
Stanislav Sedov
ST4096-RIPE
More information about the freebsd-isp
mailing list