Re: Re[2]: Net statistics for single user

• Previous message: cknandu_at_binanizinc.co.in: "Qmail problem - SOS"
• Maybe in reply to: KrzychK2: "Net statistics for single user"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Wed, 18 May 2005 12:36:45 -0700
To: KrzychK2 <krzychk2@o2.pl>, freebsd-isp@freebsd.org

On 5/18/05, KrzychK2 <krzychk2@o2.pl> wrote:

> Well maybe this is a good solution but how making 200 tables will
> affect to capacity of pf.

200 tables will have very little effect. Here's another example from
my live 5.3-STABLE router running pf:

table <vlan100_ips> persist file "/etc/pf/vlan100_ips"
pass in on vlan100 from <vlan100_ips> to any keep state
pass out on vlan100 from any to <vlan100_ips> keep state

That table has 2024 IPs in it, and collects traffic statistics for
each IP. I'm not sure why you'd need 200 tables, I only use one or two
per interface. At least one of the OpenBSD guys has the entire 1.4
million entry SBL loaded as a single table with pf.

That is almost exactly the same as I still do with ipfw and dummynet
(pre ipfw tables):
ipfw pipe 1 config mask src-ip 0xffffffff buckets 512
ipfw pipe 2 config mask dst-ip 0xffffffff buckets 512
ipfw add 32001 pipe 1 src-ip x.x.x.0/24 bridged
ipfw add 32002 pipe 2 dst-ip x.x.x.0/24 bridged

and then read the counters with "ipfw pipe show". Both methods
required some perl scripting to read the counters and insert the
results in a database, per-ip, giving me the ability to graph and
summarize customer traffic in 5 minute intevals.

-- 
Jon Simola
Systems Administrator
ABC Communications
_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"

• Previous message: cknandu_at_binanizinc.co.in: "Qmail problem - SOS"
• Maybe in reply to: KrzychK2: "Net statistics for single user"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Bandwidth shaping for different flows ... a bridge only and no layer-3 filtering. ... ipfw add pipe 1 ip from any to Network-A ... ipfw add pipe 2 ip from Network-B to Network-A ... ipfw pipe 2 config bw 1000Kbit/s queue 10 ... (freebsd-questions) Re: jitter and dummynet ... ipfw pipe 1 config delay 50ms ... ipfw pipe 2 config delay 300ms ... ipfw add prob 0.2 pipe 1 ip from any to any ... (comp.unix.bsd.freebsd.misc) Traffic shaping part 2 ... Anyone can give me a real life example, full ipfw traffic shaping ruleset or something like that. ... ipfw pipe 6 config bw 300Kbit/s queue 40 ... (freebsd-net) Re: ipfw & fBSD 4.11 ... > I'm currently trying to win battle with ipfw and setting up bandwidth ... > All machines in my network 192.168.10.0/24, ... ipfw pipe 10 config bw 0Kbit/s ... (comp.unix.bsd.freebsd.misc) [HEADS UP!] IPFW Ideas: possible SoC 2008 candidate ... This is a proposal for ipfw improving ideas and architectural changes. ... Current ipfw's dynamic rules are not suitable for several advanced ... call IPSEC processing from specified place in ruleset just like all ... As patch about using rule counters is currently discussed in ipfw@, ... (freebsd-hackers)