From: Karl Gaissmaier <karl.gaissmaier@rz.uni-ulm.de>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Q: best solution to stop traffic to huge amount of
Date: Thu, 22 Aug 2002 21:04:47 +0000
Message-ID: <marc-lartc-103005039501573@msgid-missing>
In-Reply-To: <marc-lartc-103000210313805@msgid-missing>

Gerry Creager N5JXS wrote:
>
> The answers are not necessarily pretty.
>
> I've done a similar task with a Juniper M5 router. It will handle up to
> about 180,000 rules at wire speed. But it is expensive.
>
> If your switches were a little newer, we could use 802.1x to enable the
> switch-use capability flag (:-) and solve the problem.

you know, 10k hosts are never attached to a network with homogenous
new network devices :-(

>
> Instead of policing at a single edge point, you might consider policing
> at dormitory and building edges, where the load is smaller and you can
> use masking and diminish the ruleset some more.

but the management is very difficult, see above

>
> With a sufficiently fast box, or series of boxes, doing specific tasks,
> you should be able to do this. Folks like Juniper achieve it by being
> able to classify and mark in ASIC without having to go to the processor.

Netfilter and iproute2/tc are very good but I miss just a fast
matching module for a "pool" of ip addresses and the missing tc-cref
or better documented tc examples, especially dealing with general
ingress policing.

Best regards
Charly
--
Karl Gaissmaier Computing Center,University of Ulm,Germany
Email:karl.gaissmaier@rz.uni-ulm.de Network Administration
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Thread overview: 5+ messages
2002-08-22 7:38 [LARTC] Q: best solution to stop traffic to huge amount of unregistered hosts Karl Gaissmaier
2002-08-22 20:44 ` [LARTC] Q: best solution to stop traffic to huge amount of Karl Gaissmaier
2002-08-22 20:55 ` Karl Gaissmaier
2002-08-22 21:04 ` Karl Gaissmaier [this message]
2002-09-03 11:13 ` Karl Gaissmaier