[svlug] Network bandwidth problems...

Ivan Sergio Borgonovo mail at webthatworks.it
Fri Jan 30 15:34:14 PST 2015


On 01/30/2015 11:56 PM, Michael Robinson wrote:
> My brother is constantly accusing the Linux servers I run a web site on
> of flooding the DSL to death.  I need a black box between the DSL modem
> and the the switch that the servers and my brother are hooked to.  This
> black box should be rock solid and trusted by everyone.  It has one job
> and one job only, report when there are bandwidth usage spikes as much
> as possible information that is meaningful.  I need IP addresses,
> etcetera.  I've contacted our ISP, Peak, and they are looking into
> possible denial of service attacks.  My brother wants me to run a script
> on all my servers to limit their upstream bandwidth use, but I don't
> feel comfortable using the script in a production environment and I
> think there was trouble when I deployed it.  I need an enterprise
> appropriate solution to the problem of someone tricking my servers into
> flooding the DSL to death.  I'd rather set up one black box than deploy
> a buggy script on four linux servers.  Any and all help appreciated ;-)

Most SOHO router comes with some graphic tool to let you know number of
connections, bandwidth etc... without even the need to install openwrt
that you or your brother may be tempted to "tweak".

You may also find some sort of traffic shaping GUI.

It comes without saying that openwrt would be better than a semi-open
unmaintained buggy firmware if you trust each other and you prefer an
open box to a black box.

There are plenty howto to setup traffic shaping on openwrt... that's not
too different from traffic shaping on Linux but at least you'll find
already the right names of interfaces.

Serving stuff on a DSL may actually starve the upstream that you still
need to request stuff you want to download given the asymmetric nature
of *A*DSL.

If you want something more serious it is out of my reach, I just know
there are plenty monitoring/IDS software but taking care of DDOS isn't easy.

-- 
Ivan Sergio Borgonovo
http://www.webthatworks.it




More information about the svlug mailing list