Spent one more day thinking about the most productive way of detecting the traffic and make whole thing realy fast, debuggable, managable, easy to use.
Idea to work with traffic in uni-directional way is definetly bad - most of the traffic signatures could be found only in one direction, but traffic could and should be identified in both.
So, the next major fix will be passing traffic through the netflow algo bi-directionally, and making policing for classes on both ways symmetrically.
This leads to major design changes - two bpf nodes needed, connecting to different classifying sides, flows ALWAYS should go through the netflow engine. This actually ok, as previously i mented to use the same setup on both traffic sides and now it is just taking alltogether in one begemoth.
One future thought - it's aren't that difficult to make a subscriber list and create a class 'prepend' for each subscriber - it means that each subscriber's traffic class could be handled separately. This is not a real need now, just thought for future, to include BRAS functionality
This blog is a mixture of thoughts i'd like to share, interesting expereince, and a bit of history i'd like to read a few years later
No comments:
Post a Comment