Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 13 Dec 2008 22:17:24 +0300
From:      Stanislav Sedov <stas@FreeBSD.org>
To:        david_5073@yahoo.com
Cc:        freebsd-isp@freebsd.org, Sebastian =?UTF-8?Q?Tymk=C3=B3w?= <sebastian.tymkow@gmail.com>, Marcello Barreto <marcello@linconet.com.br>
Subject:   Re: PF + ALTQ - Bandwidth per customer
Message-ID:  <20081213221724.64f7c747.stas@FreeBSD.org>
In-Reply-To: <282383.15620.qm@web38502.mail.mud.yahoo.com>
References:  <20081202012350.5f2415f3.stas@FreeBSD.org> <282383.15620.qm@web38502.mail.mud.yahoo.com>

next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, 13 Dec 2008 05:29:15 -0800 (PST)
David Roseman <david_5073@yahoo.com> mentioned:

> Well, have you run tcpdump on a network with 200Mb/s? The function is 
> performed in the kernel, so its a lot more efficient than tcpdump.
> 
> The monitor sorts by usage, so you can see which connection, IP or MAC
> is using the most traffic. When you're getting DOS attacked or have a worm
> you can find your problems instantly. It doesn't show each packet; it 
> provides a listing of each connection, sorted from high to low usage. You
> can also use rules as filters, so you can quickly create complex filters.
> 
> Turning tcpdump on a production shaper isn't an option.
> 

I don't run any shapers, but I succesfully used tcpdump home-grown
scripts to do exactly the same things on a production border router
passing more than 600 Mb/s on a single interface. BTW, bpf filters ran
inside kernel entrierly.

But I see your point. The solution looks interesting. I wonder if they're
using local kernel hacks or specific netgraph module?

- -- 
Stanislav Sedov
ST4096-RIPE
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAklECkgACgkQK/VZk+smlYHcQgCfT9D6CFGrK+QJqmoJcRqHNDlS
nVgAn2QRNBHJEN8bz3UQSG59c9ViaISA
=WWQo
-----END PGP SIGNATURE-----



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20081213221724.64f7c747.stas>