From: "Ted Mittelstaedt"
To: "Giorgos Keramidas", "Wojciech Puchar"
Cc: freebsd@top-consulting.net, freebsd-questions@freebsd.org
Date: Wed, 2 Apr 2008 15:18:11 -0800
Subject: RE: FreeBSD Traffic Shaping

> -----Original Message-----
> From: Giorgos Keramidas [mailto:keramida@ceid.upatras.gr]
> Sent: Wednesday, April 02, 2008 9:45 AM
> To: Wojciech Puchar
> Cc: Ted Mittelstaedt; freebsd@top-consulting.net;
> freebsd-questions@freebsd.org
> Subject: Re: FreeBSD Traffic Shaping
>
>
> On Wed, 2 Apr 2008 11:30:44 +0200 (CEST), Wojciech Puchar wrote:
> >> The vast majority of people out there have asymmetrical bandwidth
> >> limiting needs - that is, they have a pipe to the Internet and have a
> >> lot more data coming from the Internet to them, than data going from
> >> them to the Internet. Their desire is to somehow make it so that
> >> certain kinds of incoming data meeting certain criteria are limited.
> >> Their problem is that since they don't have control of the end
> >> sending the data to them, they can't do this.
> >
> > but you ROUGHLY can do this with ipfw.
> > by limiting at your end - the other end will slow down.
>
> Unless the sending endpoint just ignores your limited incoming pipe
> characteristics and keeps flooding you with DNS or ICMP requests, until
> you scream for help.
>

It's not just that. It's also stuff like Kazaa, and there's this
shareware downloader out there I forget the name of which opens
multiple connections to multiple sites, which also will not be limited.

Oh and I also forgot online games too, some will ignore the limiters.
(it's been my observation, that is)

And, things like incoming e-mail spammers, the spam handshakes that
their spam networks send are too short, and will come in full-bore.

The other problem is that because the limiting works by delaying
traffic so that the TCP sliding window is exceeded, if the sender and
recipient put up large enough TCP receive windows they should be able
to defeat it. This used to be standard advice for Windows 2K and under
as the registry could be modded to change those parameters. (since the
defaults were too small for the Internet)

Ted
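
An added illustration, not part of the original message or of ipfw: a simplified per-round-trip model of the exchange above, in which a receiver-side limiter (as with an ipfw pipe) can only queue or drop packets after they have already crossed the inbound link. The AIMD-style sender, the packet counts and the name `simulate` are assumptions made for the example.

```python
"""Simplified per-RTT model of receiver-side rate limiting (constructed example)."""


def simulate(responsive, link=100, shaper_rate=20, queue_limit=10,
             flood_rate=100, ticks=200):
    """Return (avg packets/tick on the inbound link,
               avg packets/tick passed by the limiter).

    responsive=True  models a sender that backs off on loss (assumed AIMD).
    responsive=False models a sender that ignores loss and keeps sending.
    All figures are packets per tick, one tick being one round trip.
    """
    cwnd, queue = 1, 0
    on_link = passed = 0
    for _ in range(ticks):
        sent = cwnd if responsive else flood_rate
        arrived = min(sent, link)        # the inbound link is consumed here,
        on_link += arrived               # before the limiter sees anything
        queue += arrived
        out = min(queue, shaper_rate)    # limiter releases at its set rate
        queue -= out
        passed += out
        dropped = max(0, queue - queue_limit)
        queue -= dropped                 # overflow is discarded locally
        if responsive:
            # Loss halves the window, otherwise it grows by one per RTT.
            cwnd = max(1, cwnd // 2) if dropped else cwnd + 1
    return on_link / ticks, passed / ticks


if __name__ == "__main__":
    for label, flag in (("backs off on loss", True), ("ignores loss", False)):
        load, through = simulate(flag)
        print(f"{label:18s} link load {load:6.1f}  passed by limiter {through:5.1f}")
```

In both runs the limiter passes at most 20 packets per tick, but only the sender that reacts to loss leaves the 100-packet inbound link mostly idle; the sender that ignores loss keeps it full regardless of the local limit.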