From: Jon Simola
Reply-To: jon@abccomm.com
To: KrzychK2, freebsd-isp@freebsd.org
Date: Wed, 18 May 2005 12:36:45 -0700
Subject: Re: Re[2]: Net statistics for single user

On 5/18/05, KrzychK2 wrote:
> Well maybe this is a good solution but how making 200 tables will
> affect the capacity of pf.

200 tables will have very little effect. Here's another example from my
live 5.3-STABLE router running pf:

    table persist file "/etc/pf/vlan100_ips"
    pass in on vlan100 from to any keep state
    pass out on vlan100 from any to keep state

That table has 2024 IPs in it, and collects traffic statistics for each
IP. I'm not sure why you'd need 200 tables, I only use one or two per
interface. At least one of the OpenBSD guys has the entire 1.4 million
entry SBL loaded as a single table with pf.

That is almost exactly the same as I still do with ipfw and dummynet
(pre ipfw tables):

    ipfw pipe 1 config mask src-ip 0xffffffff buckets 512
    ipfw pipe 2 config mask dst-ip 0xffffffff buckets 512
    ipfw add 32001 pipe 1 src-ip x.x.x.0/24 bridged
    ipfw add 32002 pipe 2 dst-ip x.x.x.0/24 bridged

and then read the counters with "ipfw pipe show".

Both methods required some perl scripting to read the counters and
insert the results in a database, per-ip, giving me the ability to graph
and summarize customer traffic in 5 minute intervals.

-- 
Jon Simola
Systems Administrator
ABC Communications
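
The per-IP counter collection described above, as an added example that is not part of the original message or the author's Perl scripts: Python that parses per-address table counters in the layout printed by `pfctl -t <table> -T show -v` and turns two successive polls into per-IP byte totals for the interval. The sample text, the address and the function names are constructed for illustration, and the output layout is an assumption based on pfctl's documented verbose table listing.

```python
import re

ADDR = re.compile(r"^\s+(\S+)\s*$")
CLEARED = re.compile(r"^\s+Cleared:\s+(.*\S)\s*$")
COUNTER = re.compile(
    r"^\s+(In|Out)/(Block|Pass):\s+\[\s*Packets:\s*(\d+)\s+Bytes:\s*(\d+)\s*\]")

# Constructed sample, laid out like `pfctl -t <table> -T show -v` output.
SAMPLE = """\
   192.0.2.10
\tCleared:     Wed May 18 12:00:00 2005
\tIn/Block:    [ Packets: 0        Bytes: 0        ]
\tIn/Pass:     [ Packets: 120      Bytes: 90000    ]
\tOut/Block:   [ Packets: 0        Bytes: 0        ]
\tOut/Pass:    [ Packets: 100      Bytes: 40000    ]
"""

def parse_table_stats(text):
    """Return {address: {"cleared": str, "In/Pass": (packets, bytes), ...}}."""
    stats, entry = {}, None
    for line in text.splitlines():
        if m := COUNTER.match(line):
            if entry is not None:
                entry[f"{m[1]}/{m[2]}"] = (int(m[3]), int(m[4]))
        elif m := CLEARED.match(line):
            if entry is not None:
                entry["cleared"] = m[1]
        elif m := ADDR.match(line):
            entry = stats.setdefault(m[1], {"cleared": None})
    return stats

def interval_bytes(prev, cur):
    """Per-address (in_bytes, out_bytes) passed since the previous poll."""
    usage = {}
    for addr, now in cur.items():
        old = prev.get(addr)
        deltas = []
        for key in ("In/Pass", "Out/Pass"):
            n = now.get(key, (0, 0))[1]
            o = old.get(key, (0, 0))[1] if old else 0
            # Counters restart at zero when an entry is cleared or re-added:
            # a changed "Cleared" stamp or a smaller value means a reset.
            reset = old is None or old["cleared"] != now["cleared"] or n < o
            deltas.append(n if reset else n - o)
        usage[addr] = tuple(deltas)
    return usage

if __name__ == "__main__":
    print(interval_bytes({}, parse_table_stats(SAMPLE)))
```

Run from cron every five minutes with the previous poll kept on disk, the result of interval_bytes() is what would be inserted into the database per IP.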