On Tue, Oct 22, 2002 at 03:48:13PM -0300, Marc G. Fournier wrote:
> On Tue, 22 Oct 2002, Luigi Rizzo wrote:
...
> > Or if you are just happy to aggregate by IP, one solution i often
> > use is the following (based on dummynet's dynamic pipes):
> >
> > # do not expire pipes even if they have no pending traffic
> > sysctl net.inet.ip.dummynet.expire=0
> >
> > # create separate pipes for src and dst masks
> > ipfw pipe 20 config mask src-ip 0xffffffff buckets 256
> > ipfw pipe 21 config mask dst-ip 0xffffffff buckets 256
> >
> > ipfw add pipe 20 ip from $my_subnet to any
> > ipfw add pipe 21 ip from any to $my subnet
>
> I don't believe I could do this with ipfw ... $my_subnet == 131.162.0.0 :(
> I fear the machin would strat to smoke, no? :(
as long as you have enough memory and set the number of buckets large
enough (probably more in the 2-4k range), i do not see problems.
Yes, each flow consumes a bit of memory (i think some 128 bytes)
but for 64k flows this is still bearable.
You'll actually save the work of copying every packet to userland
which all bpf-based solutions must do.
cheers
luigi
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
