Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.rmit.EDU.AU!news.unimelb.edu.au!munnari.OZ.AU!spool.mu.edu!sol.net!spool.mu.edu!newsspool.sol.net!howland.erols.net!nntprelay.mathworks.com!europa.clark.net!feed1.news.erols.com!news From: Ken Bigelow <kbigelow@www.play-hookey.com> Newsgroups: comp.unix.bsd.freebsd.misc Subject: Re: ipfw use as a traffic analyzer Date: Thu, 10 Jul 1997 21:36:10 -0700 Organization: Not very organized Lines: 42 Message-ID: <33C5B83A.7BDB@www.play-hookey.com> References: <5odn7m$cns$1@gryphon.phoenix.net> Reply-To: kbigelow@www.play-hookey.com NNTP-Posting-Host: 206.161.179.133 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Received-On: 11 Jul 1997 01:34:52 GMT X-Mailer: Mozilla 3.01 (Win16; I) Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:44259 Greg wrote: > > I have been playing with IP Firewall and was wondering if anyone had more > info if I used it in the following manner : > > Basically, i installed ipfw on a webserver (running apache). The server > uses ip aliasing for each virtual web. The firewall will be setup > to count the packets/bytes per web using commands like this : > > ipfw add count tcp from any to 204.120.228.197 80 > .. > .. > and so forth > > Now I can give a very accurate count of bytes transfered to each virtual > host (even already wrote a quick perl job to email me the results once a > day). > > Now , this machine may have between 100 and 120 virtual webs on it. What > kind of slowdowns can I expect with the IPFW enabled? > > Thanks > That depends entirely on the activity you get on those virtual servers. My own site also runs Apache, but not with virtual hosting (at this point, at least). It also hosts a MUSH for my daughter and a few other things. If these are quiet, top may report a CPU idle time of up to 99+%. However, if everything is busy, system usage goes up and idle time goes down. I would expect similar results from the system you describe -- IPFW would be sleeping as much as possible, and should add very little overhead to each http hit. However, I would expect that the difference would not be noticed by any client; the competition for http bandwidth would override local file writes. -- Ken I'll get my sig back in ASAP. Got any idea how much fun a total crash of a 2GB hard drive is?? Pray you never have to find out!