[WBEL-devel] Re: [WBEL-users] Security updates

Bogdan Costescu bogdan.costescu@iwr.uni-heidelberg.de
Fri, 21 May 2004 18:42:16 +0200 (CEST)


On Thu, 20 May 2004, John Morris wrote:

> The problem was too many people trying to download direct.  Which is why I
> have killed http access to the whole /pub tree as of this afternoon.

You don't need these drastic measures. And you don't need manual 
intervention at all. I'm amazed that with all those people coming to 
this list and saying "I converted X tens of servers to WBEL" nobody 
has at least heard of "traffic shaping" in Linux.

This works when you have to prioritize outbound traffic - this is 
exactly the problem here. (The inbound traffic can't be directly 
prioritized as it depends on the other side and routers in-between.)
So, point your browser at:

http://lartc.org/

and start reading. Having set up 3 different purpose shapers, I can
say that working with 'tc' (and sometimes with 'iptables' to mark
packets) is not exactly the most user-friendly experience, but the 
result is well worth it.

As to what policy to impose... the server and link owners are the only
ones that can decide. But you have almost infinite possibilities :-)

-- 
Bogdan Costescu

IWR - Interdisziplinaeres Zentrum fuer Wissenschaftliches Rechnen
Universitaet Heidelberg, INF 368, D-69120 Heidelberg, GERMANY
Telephone: +49 6221 54 8869, Telefax: +49 6221 54 8868
E-mail: Bogdan.Costescu@IWR.Uni-Heidelberg.De
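
An outbound shaper of the kind the message describes, using 'tc' with 'iptables' marks, as an added example that is not part of the original message or of the WBEL mirror's configuration. The interface name (eth0), the 10 Mbit link, the 2 Mbit cap on HTTP replies, the mark value 10 and the function name `shaper_cmds` are all assumptions chosen for illustration; the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: dry-run generator for an outbound HTB shaper.
# Assumed values (not from the message): eth0, 10000 kbit link,
# HTTP on TCP source port 80 capped at 2000 kbit, fwmark 10.

# Print the tc/iptables commands that cap marked HTTP replies at
# HTTP_KBIT, leaving the default class free to borrow up to the link rate.
# usage: shaper_cmds DEV LINK_KBIT HTTP_KBIT [MARK]
shaper_cmds() {
    dev=$1 link=$2 http=$3 mark=${4:-10}
    # The output may be piped to a shell, so accept only plain names/integers.
    case $dev in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1;;
    esac
    for n in "$link" "$http" "$mark"; do
        case $n in
            ''|*[!0-9]*) echo "rates and mark must be integers" >&2; return 1;;
        esac
    done
    [ "$http" -lt "$link" ] || { echo "HTTP cap must be below link rate" >&2; return 1; }
    rest=$((link - http))
    cat <<EOF
tc qdisc add dev $dev root handle 1: htb default 20
tc class add dev $dev parent 1: classid 1:1 htb rate ${link}kbit
tc class add dev $dev parent 1:1 classid 1:10 htb rate ${http}kbit ceil ${http}kbit prio 2
tc class add dev $dev parent 1:1 classid 1:20 htb rate ${rest}kbit ceil ${link}kbit prio 1
tc qdisc add dev $dev parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $dev parent 1:20 handle 20: sfq perturb 10
tc filter add dev $dev parent 1: protocol ip prio 1 handle $mark fw flowid 1:10
iptables -t mangle -A OUTPUT -o $dev -p tcp --sport 80 -j MARK --set-mark $mark
EOF
}

# Dry run by default; APPLY=1 (as root) executes the generated commands.
if [ "${APPLY:-0}" = 1 ]; then
    shaper_cmds eth0 10000 2000 | sh -e
else
    shaper_cmds eth0 10000 2000
fi
```

Class 1:10 cannot exceed its ceil, so HTTP downloads stay within the cap no matter how many clients connect, while unmarked traffic falls into the default class 1:20 and keeps the rest of the link.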