Date: Sun, 19 Oct 2003 13:37:10 +0200 From: "Karsten W. Rohrbach" <karsten@rohrbach.de> To: John Polstra <jdp@polstra.com> Cc: hubs@freebsd.org Subject: Re: cvsup server operation Message-ID: <20031019113732.GD68501@mail.webmonster.de> In-Reply-To: <XFMail.20031010132106.jdp@polstra.com> References: <20031010060149.GA3707@math.uic.edu> <XFMail.20031010132106.jdp@polstra.com>
next in thread | previous in thread | raw e-mail | index | archive | help
John Polstra(jdp@polstra.com)@2003.10.10 13:21:06 +0000: > I don't have any automatic rate throttling on the mirrors I manage. Rate throttling with processes that happen to use up some memory often tend to be a DoS against oneself. Also, IMVHO, the idea behind online networking services is getting the jobs done faster. Therefor maximum bandwidth should be achieved (eg. the sooner the client finishes the better. The amount of transferred data is the same, if throttled or not). In certain thottling/bandwidth management scenarios, the transmitted amount of data is even higher when throttled. > But I check the log files periodically. Any time I notice somebody > abusing a mirror (e.g., with cronjob updates more frequently than once > an hour) I simply blacklist them in the cvsupd.access file. I feel no > remorse at all about denying access to greedy jerks. Likewise, when Same here. I'm glad that I am not alone with this attitude. I am very tolerant, though, but if one runs an update against port-all every 5 minutes 24x7 just to 'stay current', I write a polite email and turn the off-knob. > I catch people doing simultaneous updates from multiple machines at > their site, I add a rule to cvsupd.access that limits them to 1 update > at a time from their subnet. I always have a great big smile on my > face when I do that. No guilt whatsoever. :-) Yup. Especially the folks at universities and institutes should know better when everything boils down to shared access of computing ressources, but they don't. Limiting the no. of connections from their subnet is the only viable solution. I had an email this year from some lab guy complaining about being limited with his 20 machines that pulled src-all and ports-all every morning at 3:00. Tsk tsk. > The scary thing is when you find out how few of these cronjob mirror > abusers even notice that they're not getting updates any more. I got quite some resonance on cvsup7.de when I change ACLs or write polite emails. 75% of the folks understand what it's about and change their configurations, etc. The remaining 25% are T-Online customers, anyway, so we got to be glad that they don't speel FreeBSD like "PhreeBSD" and such... ;-) Though, the biggest problem we face on cvsup7.de is the load at 3:00am, because half of germany thinks that this would be a good time to update their src and ports... Regards, /k -- > Hackers do it with all sorts of characters. webmonster.de -- InterNetWorkTogether -- built on the open source platform http://www.webmonster.de/ - ftp://ftp.webmonster.de/ - http://www.rohrbach.de/ GnuPG: 0xDEC948A6 D/E BF11 83E8 84A1 F996 68B4 A113 B393 6BF4 DEC9 48A6 Please do not remove my address from To: and Cc: fields in mailing lists. 10x
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031019113732.GD68501>