Date:      Mon, 17 Jan 2005 14:38:21 -0800
From:      Jon Simola <jsimola@gmail.com>
To:        Andrew Seguin <asegu@borgtech.ca>, freebsd-net@freebsd.org
Subject:   Re: Network accounting
Message-ID:  <8eea040805011714382dfd5aca@mail.gmail.com>
In-Reply-To: <20050117221227.E31F154A5@borgtech.ca>
References:  <courier.41EC3354.00007D33@bigass1.bitblock.com> <20050117221227.E31F154A5@borgtech.ca>

On Mon, 17 Jan 2005 23:07:54 +0100, Andrew Seguin <asegu@borgtech.ca> wrote:

> With the help, in pointing out the mask feature to me from Jon Simola, this
> quite possibly might be the path I'll take (I'll sleep on it first).

> Interfaces are 100Mbps, but our internet is about 50Mbps total I believe
> (still have yet to get hard facts from people here). With our daily traffic,
> we see always 80GB total daily... but I'll keep hourly accounting in mind.

For reference, I'm running a 2.4GHz P4 with 512MB of RAM, and was
originally using that pipe/mask setup to monitor 13 /24s (all
non-contiguous) with a total throughput of 20 to 40Mbps with no
problems. (using NICs that FreeBSD supports kern.polling on, such as
em helps with the number of interrupts)

For hilarity, on a Pentium Pro 180MHz with 64MB of RAM, I was
monitoring the same bunch of /24s with an indexed quad tree setup of
skipto and count rules:

10 skipto 100 ip from any to 192.168.1.0/24
100 skipto 1000 ip from any to 192.168.1.0/26
101 skipto 1010 ip from any to 192.168.1.64/26
102 skipto 1020 ip from any to 192.168.1.128/26
103 skipto 1030 ip from any to 192.168.1.192/26
1000 skipto 10000 ip from any to 192.168.1.0/28
1001 skipto 11000 ip from any to 192.168.1.16/28
1002 skipto 12000 ip from any to 192.168.1.32/28
1003 skipto 13000 ip from any to 192.168.1.48/28
10000 skipto 15000 ip from any to 192.168.1.0/30
10001 skipto 15004 ip from any to 192.168.1.4/30
10002 skipto 15008 ip from any to 192.168.1.8/30
10003 skipto 15012 ip from any to 192.168.1.12/30
15000 count ip from any to 192.168.1.0
15001 count ip from any to 192.168.1.1
15002 count ip from any to 192.168.1.2
15003 count ip from any to 192.168.1.3

Not surprisingly, that failed once the traffic headed over about 8Mbps
sustained. And it took almost 5 minutes for the thousands of ipfw
rules to load. I was happy when the 'mask' feature came about (or
maybe I just hadn't figured it out yet, this is years ago now).
At least I knew enough not to try 13*256*2=6656 sequential rules. That
indexed thing above averaged 8 to 12 rule evaluations per packet (not
counting the way skipto traverses the rules as a linked list).
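
Added example, not part of the original message: a Python sketch that generates the four-level skipto/count tree for one /24 in the layout listed above and counts how many rules a packet is compared against before its count rule matches, next to a flat list of 256 sequential count rules. The rule-number bases (100, 1000, 2000, 3000) and all function names are assumptions chosen for this example, and skipto traversal cost is not modelled.

```python
import ipaddress
from bisect import bisect_left

BASES = (100, 1000, 2000, 3000)  # assumed first rule number per level: /26, /28, /30, /32

def build_tree(net, root_no=10):
    """Rules [(number, action, skipto_target, network)] for one /24, fan-out 4 per level."""
    net = ipaddress.ip_network(net)
    rules, parents = [(root_no, "skipto", BASES[0], net)], [net]
    for depth, base in enumerate(BASES):
        children = [c for p in parents for c in p.subnets(prefixlen_diff=2)]
        for i, child in enumerate(children):
            if depth + 1 < len(BASES):
                # child i owns the four consecutive rules starting at 4*i on the next level
                rules.append((base + i, "skipto", BASES[depth + 1] + 4 * i, child))
            else:
                rules.append((base + i, "count", None, child))
        parents = children
    return rules

def build_flat(net, base=3000):
    """One sequential count rule per address, the layout the message avoids."""
    hosts = ipaddress.ip_network(net).subnets(new_prefix=32)
    return [(base + i, "count", None, h) for i, h in enumerate(hosts)]

def evaluations(rules, dst):
    """Rules compared against dst until its count rule matches (None if never)."""
    dst, numbers = ipaddress.ip_address(dst), [r[0] for r in rules]
    i = examined = 0
    while i < len(rules):
        _, action, target, net = rules[i]
        examined += 1
        if dst not in net:
            i += 1                              # no match: fall through to next rule
        elif action == "count":
            return examined                     # real ipfw keeps going after a count
        else:
            i = bisect_left(numbers, target)    # skipto: first rule numbered >= target
    return None

def average(rules, net):
    addrs = list(ipaddress.ip_network(net))
    return sum(evaluations(rules, a) for a in addrs) / len(addrs)

def render(rules):
    """Format rules the way the message lists them."""
    return ["%d %s ip from any to %s" % (n, a if t is None else "%s %d" % (a, t), net)
            for n, a, t, net in rules]

if __name__ == "__main__":
    tree, flat = build_tree("192.168.1.0/24"), build_flat("192.168.1.0/24")
    print("\n".join(render(tree)[:6]))
    print(len(tree), average(tree, "192.168.1.0/24"), average(flat, "192.168.1.0/24"))
```

For this single /24 the tree needs 341 rules and averages 11 comparisons per packet (5 best case, 17 worst), against 128.5 for the flat list.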
