Date: Sat, 13 Dec 2008 22:17:24 +0300 From: Stanislav Sedov <stas@FreeBSD.org> To: david_5073@yahoo.com Cc: freebsd-isp@freebsd.org, Sebastian =?UTF-8?Q?Tymk=C3=B3w?= <sebastian.tymkow@gmail.com>, Marcello Barreto <marcello@linconet.com.br> Subject: Re: PF + ALTQ - Bandwidth per customer Message-ID: <20081213221724.64f7c747.stas@FreeBSD.org> In-Reply-To: <282383.15620.qm@web38502.mail.mud.yahoo.com> References: <20081202012350.5f2415f3.stas@FreeBSD.org> <282383.15620.qm@web38502.mail.mud.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, 13 Dec 2008 05:29:15 -0800 (PST) David Roseman <david_5073@yahoo.com> mentioned: > Well, have you run tcpdump on a network with 200Mb/s? The function is > performed in the kernel, so its a lot more efficient than tcpdump. > > The monitor sorts by usage, so you can see which connection, IP or MAC > is using the most traffic. When you're getting DOS attacked or have a worm > you can find your problems instantly. It doesn't show each packet; it > provides a listing of each connection, sorted from high to low usage. You > can also use rules as filters, so you can quickly create complex filters. > > Turning tcpdump on a production shaper isn't an option. > I don't run any shapers, but I succesfully used tcpdump home-grown scripts to do exactly the same things on a production border router passing more than 600 Mb/s on a single interface. BTW, bpf filters ran inside kernel entrierly. But I see your point. The solution looks interesting. I wonder if they're using local kernel hacks or specific netgraph module? - -- Stanislav Sedov ST4096-RIPE -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAklECkgACgkQK/VZk+smlYHcQgCfT9D6CFGrK+QJqmoJcRqHNDlS nVgAn2QRNBHJEN8bz3UQSG59c9ViaISA =WWQo -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20081213221724.64f7c747.stas>