Date: Sat, 13 Dec 2008 22:17:24 +0300
From: Stanislav Sedov
To: david_5073@yahoo.com
Cc: freebsd-isp@freebsd.org, Sebastian Tymków, Marcello Barreto
Subject: Re: PF + ALTQ - Bandwidth per customer
Message-Id: <20081213221724.64f7c747.stas@FreeBSD.org>
In-Reply-To: <282383.15620.qm@web38502.mail.mud.yahoo.com>
Organization: The FreeBSD Project

On Sat, 13 Dec 2008 05:29:15 -0800 (PST)
David Roseman mentioned:

> Well, have you run tcpdump on a network with 200Mb/s? The function is
> performed in the kernel, so it's a lot more efficient than tcpdump.
>
> The monitor sorts by usage, so you can see which connection, IP or MAC
> is using the most traffic. When you're getting DOS attacked or have a worm
> you can find your problems instantly. It doesn't show each packet; it
> provides a listing of each connection, sorted from high to low usage. You
> can also use rules as filters, so you can quickly create complex filters.
>
> Turning tcpdump on a production shaper isn't an option.
>

I don't run any shapers, but I successfully used tcpdump home-grown scripts
to do exactly the same things on a production border router passing more
than 600 Mb/s on a single interface. BTW, bpf filters ran inside the kernel
entirely.

But I see your point. The solution looks interesting. I wonder if they're
using local kernel hacks or a specific netgraph module?

-- 
Stanislav Sedov
ST4096-RIPE
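
The per-connection listing discussed in this thread, as an added example that is not part of the original message or any poster's scripts: it totals payload bytes per connection and per source IP from `tcpdump -nn -q` style text output and sorts high to low. The sample lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the style of `tcpdump -nn -q` output (not captured traffic).
SAMPLE = """\
12:00:00.000101 IP 10.0.0.5.51234 > 192.0.2.10.80: tcp 1448
12:00:00.000180 IP 10.0.0.5.51234 > 192.0.2.10.80: tcp 1448
12:00:00.000250 IP 192.0.2.10.80 > 10.0.0.5.51234: tcp 0
12:00:00.000300 IP 10.0.0.9.40000 > 198.51.100.7.53: UDP, length 64
12:00:00.000410 IP 198.51.100.7.53 > 10.0.0.9.40000: UDP, length 512
12:00:00.000500 ARP, Request who-has 10.0.0.1 tell 10.0.0.5, length 28
12:00:00.000620 IP 10.0.0.66.31337 > 192.0.2.10.80: tcp 1200
"""

LINE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"(?:tcp (?P<tlen>\d+)|UDP, length (?P<ulen>\d+))"
)

def parse(lines):
    """Yield (proto, src, sport, dst, dport, payload_bytes) for IPv4 TCP/UDP lines."""
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # ARP, ICMP, IPv6 and anything unparsed is skipped
        proto = "tcp" if m["tlen"] is not None else "udp"
        size = int(m["tlen"] if proto == "tcp" else m["ulen"])
        yield proto, m["src"], int(m["sport"]), m["dst"], int(m["dport"]), size

def top_connections(lines, n=10):
    """Payload bytes per connection, both directions merged, sorted high to low."""
    usage = Counter()
    for proto, src, sport, dst, dport, size in parse(lines):
        a, b = sorted([(src, sport), (dst, dport)])  # direction-independent key
        usage[(proto, a, b)] += size
    return usage.most_common(n)

def top_hosts(lines, n=10):
    """Payload bytes sent per source IP, sorted high to low."""
    usage = Counter()
    for _proto, src, _sport, _dst, _dport, size in parse(lines):
        usage[src] += size
    return usage.most_common(n)

if __name__ == "__main__":
    for (proto, a, b), size in top_connections(SAMPLE.splitlines()):
        print(f"{size:>8} {proto} {a[0]}:{a[1]} <-> {b[0]}:{b[1]}")
```

The totals are the payload lengths tcpdump prints, not on-the-wire frame sizes, so they rank flows relative to each other rather than measure link utilisation.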