Thanks Mark,

This is indeed helping since I wasn't sure if IPFW or PF was the default on FreeBSD and on BSDRP. Indeed I know that the netfilter module limits are causing issues in some places.

Can you share more about the structure and the tools of the BSDRP and the netflow setup you have?

Thanks,
Eliezer

On 07/01/2014 08:23 PM, Mark van der Meulen wrote:
> My recommendation, and it is something we do:
>
> - Export Netflows and/or IPFW logs to a device for analysis.
> - FreeBSD supports ZFS; you can export massive volumes of both logs and flow data and retain them for processing (we collect about 200GB per day worth of data for analysis).
> - On the device which is analysing your flows or logs, build in the functionality to talk to your network device and react in real time with IPFW.
> - Don't use PF, it is slow on FreeBSD. If you want to use PF, consider OpenBSD.
>
> We currently use all open source tools to analyse data in real time and talk back to our BSDRP routers to perform RTBH, connection limiting, blocks, etc.
>
> The netfilter modules for connection limits and such like are handy when using it on a server, especially if it's hosting content; however, on routers which push large amounts of PPS it performs poorly and is a bit of a hack to be honest. I'd avoid any of those kinds of solutions even if they are available for PF or IPFW.
>
> Mark

_______________________________________________
Bsdrp-users mailing list
Bsdrp-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bsdrp-users
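As an added example that is not part of this thread: a small Python sketch of the "analyse the logs, then talk back to the router with IPFW" loop Mark describes. It parses FreeBSD `ipfw` kernel log lines, counts inbound denies per source, and emits `ipfw table` commands for sources over a threshold. The table number, the threshold and the sample log lines are constructed assumptions, and the commands are only generated here (the operator decides how they reach the router).

```python
import re
from collections import Counter

# FreeBSD ipfw kernel log line format, e.g.
#   "Jul  1 20:23:01 rtr kernel: ipfw: 100 Deny TCP 203.0.113.5:4444 192.0.2.10:22 in via em0"
# ICMP lines carry "ICMP:type.code" as the protocol and no ports, so ports are optional.
IPFW_LINE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\S+) "
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))? (?P<dst>[\d.]+)(?::(?P<dport>\d+))? "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

BLOCK_TABLE = 1   # assumed ipfw table number referenced by a "deny ip from table(1) to any" rule
THRESHOLD = 3     # assumed number of inbound denies from one source that triggers a block


def parse_ipfw_line(line):
    """Return the fields of an ipfw log line as a dict, or None for non-ipfw lines."""
    m = IPFW_LINE.search(line)
    return m.groupdict() if m else None


def sources_over_threshold(lines, threshold=THRESHOLD):
    """Sources with at least `threshold` inbound Deny events, sorted for stable output."""
    hits = Counter()
    for line in lines:
        rec = parse_ipfw_line(line)
        if rec and rec["action"] == "Deny" and rec["dir"] == "in":
            hits[rec["src"]] += 1
    return sorted(src for src, n in hits.items() if n >= threshold)


def block_commands(sources, table=BLOCK_TABLE):
    """ipfw commands that add each source to the block table (numeric tables, as in FreeBSD 10)."""
    return [f"ipfw table {table} add {src}" for src in sources]


# Constructed sample log: four denies from one host, one from another, one accept, one unrelated line.
SAMPLE_LOG = [
    "Jul  1 20:23:01 rtr kernel: ipfw: 100 Deny TCP 203.0.113.5:4444 192.0.2.10:22 in via em0",
    "Jul  1 20:23:02 rtr kernel: ipfw: 100 Deny TCP 203.0.113.5:4445 192.0.2.10:22 in via em0",
    "Jul  1 20:23:02 rtr kernel: ipfw: 200 Deny ICMP:8.0 203.0.113.5 192.0.2.10 in via em0",
    "Jul  1 20:23:03 rtr kernel: ipfw: 100 Deny TCP 203.0.113.5:4446 192.0.2.10:22 in via em0",
    "Jul  1 20:23:03 rtr kernel: ipfw: 100 Deny TCP 198.51.100.7:5000 192.0.2.10:22 in via em0",
    "Jul  1 20:23:04 rtr kernel: ipfw: 50 Accept TCP 203.0.113.9:6000 192.0.2.10:80 in via em0",
    "Jul  1 20:23:05 rtr sshd[123]: Accepted publickey for admin from 192.0.2.20 port 51000",
]

if __name__ == "__main__":
    for cmd in block_commands(sources_over_threshold(SAMPLE_LOG)):
        print(cmd)
```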