[afnog] Help on Access list Evaluation

Herbert Maosa h_maosa at blueyonder.co.uk
Tue Jul 18 00:14:16 EAT 2006


Well,

Apart from packet matching for other tools, I thought we are going to 
use access-list to implement some sort of packet filter for security 
purposes, not necessarily to solve network bottleneck issues. I would 
think such problems are a trigger to look at our QoS implemetations.

Are you receiving more traffic on your interface than you expect from 
your customers according to the SLAs ?( assuming you have SLAs). I would 
be looking into implementing rate-limiting and/or traffic policing to 
the agreed contracts than worry about what traffic the customer is 
sending, unless I am worried about security.

Just my different view.

Herbert.


Brian Candler wrote:
> On Mon, Jul 17, 2006 at 10:55:34AM +0300, Patrick Okui wrote:
>   
>> Step 0.
>> 	Find out what "type" of traffic you are seeing by running a 
>> 	sniffer like tcpdump/ntop or ethereal.
>>     
>
> ... and this can also identify which particular hosts are generating the
> most traffic.
>
> Also useful tool is netflow, which can extract traffic patterns passing
> through a router or switch and let you view them on a monitoring station.
>
> If your hosts are connected downstream of a managed switch, you have other
> options too. You can monitor the bandwidth use by each switch port
> separately, and graph it using something like rrdtool or cricket (there was
> another monitoring program mentioned on this list recently which is supposed
> to be much easier to set up, but I can't remember what it was called)
>
> Then you can see which port is generating the most traffic, and trace it
> back. More importantly, you can start building up a history of utilisation
> on your network. In other words, a single port generating a lot of traffic
> may be perfectly correct, because that's what you want it to do. But if you
> have a single port which has been generating very little traffic over the
> last week or month and is suddenly generating large amounts of traffic -
> that's something which needs to be investigated.
>
> Regards,
>
> Brian.
>
> _______________________________________________
> afnog mailing list
>
>
>   





More information about the afnog mailing list