> right, but as discussed below, generally bind servers don't have
> 100k people
> waiting for notifications and updates.
>
Nope, true... but like I suggested, the notification tree doesn't have to be flat... One server notifying 100000 servers is time consuming and sure - costs a lot of bandwidth...

Let's assume that each notify takes 5 seconds... we have to have SOMETHING to "measure"...

1 server notifying 100000 servers takes 500000 seconds. That's a little over a day to push the notification - bad idea ;-)

1 server notifying 100 servers, which each in turn notify 100 servers and so on...

1 to 100: 100 seconds
each of them notifying 100: 100 seconds (total notified 10100)
each of them notifying 100: 100 seconds (total notified 1010100!)

in 5 minutes! That's 10 times your value of 100000 servers. Each server would only have to know about 100 others. Not a huge database - wouldn't even have to be written to file. Each server could be responsible for polling its master once per hour.

> > Hourly polls is a good thing - but if the system worked both ways, the
> > mirror could signal the end clients that it's time to download... those
> > notifies could be sent only to clients that had registered to receive it (an
> > option in freshclam) and would not push the data, but trigger a freshclam
> > pull.
>
> with that option, the 'clients' would either have to remain connected the
> entire time, which is completely not feasible, or somehow the
> database mirrors
> would have to either 'remember' who to notify, or have some sort
> of registry
> of people to notify (I can see how one might do this with a paid mirror
> service), and then send out notifications (even a single UDP
> packet to 100k
> servers could be quite bandwidth intensive. The architecture
> could work, yes,
> but it doesn't scale well, and I don't think the clamav team has
> the resources
> to do this sort of ass-kissing for free. They're already providing a
> wonderful service to the internet community, we cannot bite the hand that
> feeds us.

I wasn't proposing that it had to be done for free (not that it can't be with the factor tree I explained above). It might even reduce the cost of database distribution. If each server is only pushing 100 updates @ 200KB per update (2MB total) we can get 500 pushes per month for only a couple dollars.

> Another problem with this notification is there are still the
> spikes when the
> notifications come out that EVERYONE AND THEIR BROTHER contacts
> the database
> mirrors for updates. Your solution doesn't solve any problems imposed by
> Christopher's idea, and actually introduces more.

100 servers for 200KB (20MB is hardly a spike.) and as for clients remaining connected, that is what a server is - connected. This isn't for end users, or local workstations. It's an OPTION for people who process a lot of data, are at high risk, and need immediate response. Then their own internal freshclam clients can poll their local authoritative server as often as they want, or use the same procedure to distribute to them (if they are full time connected that is).

> In my opinion, the existing system is fine, and if you want
> better, you should
> talk to the clamav folks about setting up some sort of 'priority'

Yeah, we could, but I don't think it needs that. And setting up an internal mirror doesn't address the response time of the updates, unless I start hammering the main freshclam every few minutes... and I just don't think that would be friendly.

With the sort of hierarchical distribution I'm talking about, you could even use a ranking system to automatically organize the distribution (while I'm on a roll ;-)... What I mean is that everyone would contact one of the "root" mirrors initially. In the request to be notified, it would indicate the number of clients it serves. If less than a certain number, then it could be referred to a child of the root server. If that child becomes unavailable it could contact the root again (at the next hourly polling time).

How many servers are there on the Internet? We could probably handle the whole lot of them with no more than 4 or 5 levels. Push an update to the world in under 10 minutes. Think how many virus laden emails this could stop.

(visions of f5...) in fact, the root server could hand out the IPs of all child servers not fully loaded. The client could register with the nearest (by route time) one - just ranting...

m/

_______________________________________________
Clamav-users mailing list
https://lists.sourceforge.net/lists/listinfo/clamav-users