  1. #1
    Join Date
    Apr 2003
    Location
    Washington, DC
    Posts
    594

    Rate Limiting, w/o lev. 3 router!

    This can be done on the server side with iptables.

    I hope this helps people in the future.

    http://www.tldp.org/HOWTO/Adv-Routin...it.single.html
    Benoît Brookens III
    President - Dataracks, Inc.
    Dataracks.net | Ultra-Reliable Hosting.™

  2. #2
    Join Date
    Apr 2001
    Location
    St. Louis, MO
    Posts
    2,508
    Do you mean Layer 3
    Mike @ Xiolink.com
    http://www.xiolink.com 1-877-4-XIOLINK
    Advanced Managed Microsoft Hosting
    "Your data... always within reach"

  3. #3
    Join Date
    May 2003
    Location
    Kirkland, WA
    Posts
    4,448

  4. #4
    Join Date
    Apr 2003
    Location
    Washington, DC
    Posts
    594
    haha, you're absolutely correct, layer. Sorry about that, I actually was looking at level 3 pricing earlier.
    Benoît Brookens III
    President - Dataracks, Inc.
    Dataracks.net | Ultra-Reliable Hosting.™

  5. #5
    you can rate limit with layer 3 switches (arguably the same as 'router'; saying 'layer 3 router' is redundant) too. you don't need layer 3 capabilities to do rate limiting, but it does come in handy if you want to rate limit based on ACLs.

    paul
    * Rusko Enterprises LLC - Upgrade to 100% uptime today!
    * Premium NYC collocation and custom dedicated servers
    call 1-877-MY-RUSKO or paul [at] rusko.us

    dedicated servers, collocation, load balanced and high availability clusters

  6. #6
    Join Date
    Apr 2003
    Location
    Washington, DC
    Posts
    594
    so ethically what are the minimum requirements for rate limiting?
    Benoît Brookens III
    President - Dataracks, Inc.
    Dataracks.net | Ultra-Reliable Hosting.™

  7. #7
    ethically? i am touched that you defer to me on issues of ethics and morality, but i must respectfully decline to comment on that.

    if you meant technically, having a device that has that feature, i.e. has code/asic to implement it.

    paul
    * Rusko Enterprises LLC - Upgrade to 100% uptime today!
    * Premium NYC collocation and custom dedicated servers
    call 1-877-MY-RUSKO or paul [at] rusko.us

    dedicated servers, collocation, load balanced and high availability clusters

  8. #8
    Join Date
    Apr 2003
    Location
    Washington, DC
    Posts
    594
    Yes, quite frankly I believe you are a man of good colocation principles, and if you were a woman in terms of colocation you would have your legs closed.

    No No, just kidding.

    I was in a rush, my mind somewhere else; not sure why that came to mind. What is the cheapest device you know of which can perform such a task, to use for colocation purposes?
    Last edited by benoitb; 04-20-2004 at 02:42 PM.
    Benoît Brookens III
    President - Dataracks, Inc.
    Dataracks.net | Ultra-Reliable Hosting.™

  9. #9
    Join Date
    Feb 2004
    Location
    Louisville, Kentucky
    Posts
    1,083
    Some layer 2 switches support rate-limiting as well. Foundry switches running layer 2 images are one example.
    Jeff at Innovative Network Concepts / 212-981-0607 x8579 / AIM: jeffsw6
    Expert IP network consultation and operation at affordable rates
    95th Percentile Explained | Rate-Limiting on Cisco IOS switches

  10. #10
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,512
    The Captus IPS 4000 has L2 rate limiting capabilities as does ASL (Astaro Security Linux) v5, which we plan to begin testing next month if all goes as planned. Only caveat is price: one can expect to pay anywhere from $7000 - 14,000 or more to implement one of these devices.

  11. #11
    Originally posted by jsw6
    Some layer 2 switches support rate-limiting as well. Foundry switches running layer 2 images are one example.
    as a matter of precision, although foundry calls the image that comes with most switches by default 'layer 2', it actually does have certain layer 3 capabilities, such as layer 3 acls. their layer 3 images enable things like OSPF and RIP support.

    in this vein, your cheapest solution would be a foundry FWS24, which can be gotten on the aftermarket for $500+. clearly, you need to do a lot of testing on aftermarket equipment for use in anything but lab environments. FWS24s are now EOL'ed, so keep that in mind. if you want to do a serious amount of rate limiting in production, i would recommend at least using the FBS line (slightly faster cpu).

    cisco 3550 EMI will do rate-limiting (not sure about SMI, but probably not). it will not work that well, so don't bother.

    perhaps if you elaborate a bit on what kind of rate-limiting you want to do, we can give you better recommendations.

    paul
    * Rusko Enterprises LLC - Upgrade to 100% uptime today!
    * Premium NYC collocation and custom dedicated servers
    call 1-877-MY-RUSKO or paul [at] rusko.us

    dedicated servers, collocation, load balanced and high availability clusters

  12. #12
    Originally posted by DeathNova
    The Captus IPS 4000 has L2 rate limiting capabilities as does ASL (Astaro Security Linux) v5, which we plan to begin testing next month if all goes as planned. Only caveat is price: one can expect to pay anywhere from $7000 - 14,000 or more to implement one of these devices.
    what do they bring to the table that the other devices don't? is the rate-limiting done fully in asic?

    paul
    * Rusko Enterprises LLC - Upgrade to 100% uptime today!
    * Premium NYC collocation and custom dedicated servers
    call 1-877-MY-RUSKO or paul [at] rusko.us

    dedicated servers, collocation, load balanced and high availability clusters

  13. #13
    Join Date
    Apr 2003
    Location
    Washington, DC
    Posts
    594
    low end, under 10mbit. i just need it for about 5-10 servers.
    Benoît Brookens III
    President - Dataracks, Inc.
    Dataracks.net | Ultra-Reliable Hosting.™

  14. #14
    Join Date
    Nov 2002
    Posts
    2,780

    Re: Rate Limiting, w/o lev. 3 router!

    Originally posted by benoitb
    This can be done on the server side with iptables.

    I hope this helps people in the future.

    http://www.tldp.org/HOWTO/Adv-Routin...it.single.html
    I tried this. 1 or 2 megs are fine.

    Anything over it, it really doesn't work great. I have compared it to the MRTG graph of the server and it's off by a lot. It may be something I did wrong though.

    Rate-limiting switches are much better, much more accurate

  15. #15
    Join Date
    Apr 2003
    Location
    Washington, DC
    Posts
    594
    so what's the cheapest switch i can get which can perform such a task? i really only need it for one or 2 boxes.

    Thanks for that bit of info, how was mrtg off?
    Benoît Brookens III
    President - Dataracks, Inc.
    Dataracks.net | Ultra-Reliable Hosting.™
