Loadshedding and FDR on Version 7.0

Postby csanchez on Mon Oct 11, 2004 2:16 pm

Hi everybody,

I installed the new 7.0 on a PS8500 and I am using FDR and loadshedding on the box.
I have a question: how could they impact performance on the box?
Is there any advice about how to use these tools? I read all the 7.0 release notes and I have some doubts about how to implement it.

Thanks in advance,

Carlos
Carlos
csanchez
 
Posts: 4
Joined: Fri Oct 24, 2003 1:27 pm
Location: Medellin-Colombia

Postby Series2 on Wed Oct 13, 2004 1:34 am

Hi, Carlos.

Don't know what you mean when you say "loadshedding" - could you please expand on this?
Series2
 
Posts: 220
Joined: Mon Feb 23, 2004 6:15 am
Location: Scotland

Postby Ben on Wed Oct 13, 2004 6:51 am

Here is some info I got from technical support:

This filter will only kick in when the shaper is overloaded, we drop enough packets to resolve the overload condition.

To control this filtering you'll need to modify the following sys sets.

PacketShaper# sys set shed
System values               Current    Default    Min    Max
=========================================================================
loadSheddingClientFPM       1000000    1000000    10     1000000
loadSheddingEnable          0          0          0      1
loadSheddingNewFlowsOnly    1          1          0      1
loadSheddingTCBConn         100        100        5      1000000
loadSheddingUCBConn         100        100        5      1000000

To enable the feature you need to issue the following CLI command:

sys set loadSheddingEnable 1

"loadSheddingNewFlowsOnly" by default is set to only drop new flows, this is recommended.

loadSheddingClientFPM is the threshold you'll need to modify, it works with loadSheddingTCBConn (for TCP flows) or loadSheddingUCBConn (for UDP traffic). If you set this threshold at a given value, say xxx, it instructs the PacketShaper to drop all new flows from the hosts that are generating more than xxx new Flows per Minute and have more than 100 established flows (100 is the default value for loadSheddingTCBConn, loadSheddingUCBConn).

For example, if you set ...ClientFPM to 300, the Shaper will drop all new flows from the hosts that are exceeding 300 new flows per minute and have 100 established flows. The number you should configure for this variable depends on your network/application requirements.

You can modify loadSheddingClientFPM, loadSheddingTCBConn and loadSheddingUCBConn to values that suit your network. Suggested starting point may be 300, 100, 100.

You should start by monitoring the "host info -sf -n 20" command output and check the number of existing flows and new flows per minute from the hosts that you suspect are infected. Once you have a trend, you should then configure the sys set values based on your findings and re-check the results, verify impact on network...
Ben
 
Posts: 41
Joined: Mon Mar 08, 2004 2:28 am
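
Added example (not part of the thread and not the vendor's code): a small Python model of the shedding rule that technical support describes, used to sweep candidate loadSheddingClientFPM values against per-host flow counts before changing the sys sets. The host records are constructed and are not real "host info" output, the field and function names are hypothetical, and the strict "more than" comparison is an assumption taken from the wording above.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Host:
    ip: str
    proto: str        # "tcp" or "udp"
    established: int  # established flows right now
    new_fpm: int      # new flows per minute

# Constructed samples (not real "host info" output); values are illustrative.
SAMPLES = [
    Host("10.0.0.21", "tcp", 850, 1200),  # suspected infected
    Host("10.0.0.37", "tcp", 400, 1050),  # suspected infected
    Host("10.0.0.5",  "tcp", 600, 350),   # busy web proxy (legitimate)
    Host("10.0.0.9",  "udp", 150, 320),   # DNS resolver (legitimate)
    Host("10.0.0.44", "tcp", 40,  500),   # bursty, but few established flows
    Host("10.0.0.60", "tcp", 12,  8),     # ordinary workstation
]
SUSPECTED = {"10.0.0.21", "10.0.0.37"}

def sheds_new_flows(h, client_fpm, tcb_conn=100, ucb_conn=100,
                    enabled=True, overloaded=True):
    """Rule as described in the post: only while overloaded, a host loses its
    new flows when it exceeds BOTH the flows-per-minute threshold and the
    established-flow threshold for its protocol (strict '>' is an assumption)."""
    if not (enabled and overloaded):
        return False
    conn_limit = tcb_conn if h.proto == "tcp" else ucb_conn
    return h.new_fpm > client_fpm and h.established > conn_limit

def sweep(samples, suspected, candidates, **limits):
    """For each candidate ClientFPM, report suspected hosts caught, suspected
    hosts missed, and legitimate hosts that would be shed as collateral."""
    report = {}
    for fpm in candidates:
        shed = {h.ip for h in samples if sheds_new_flows(h, fpm, **limits)}
        report[fpm] = {
            "caught": sorted(shed & suspected),
            "missed": sorted(suspected - shed),
            "collateral": sorted(shed - suspected),
        }
    return report

if __name__ == "__main__":
    for fpm, r in sweep(SAMPLES, SUSPECTED, [300, 400, 1000, 1_000_000]).items():
        print(f"ClientFPM={fpm:>7}: {r}")
```

On these constructed numbers, 300 would also shed the proxy and the resolver during an overload, while 400 catches both suspected hosts with no collateral; the default of 1000000 catches nothing.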

Version 7.0 Loadshedding and FDR

Postby csanchez on Wed Oct 13, 2004 12:54 pm

Hello Ben,

Thanks for your advice, but I have a question:

How can the Loadshedding and FDR features in the new version 7.0 impact the box during execution?

Do these tools affect the performance of the box? Or are these tools transparent to the box in functionality, without affecting its performance?


Best Regards,

Carlos

Carlos
csanchez
 
Posts: 4
Joined: Fri Oct 24, 2003 1:27 pm
Location: Medellin-Colombia

Postby Ben on Thu Oct 14, 2004 1:15 am

From our experience of using it, loadshedding actually improved performance as it only kicks in when the box is overloaded.

We were being hit hard by a virus with many nodes making 1000+ connections a minute. The PacketShaper was dropping a lot of traffic into the default buckets. Once we set a limit of 400 connections per minute with loadshedding, everything sorted itself out.

Hope that helps.

Also if you want to check how loaded your box is you can now get that information on your 'Info' page. It's under 'Unit Health' and with loadshedding turned on, our system load is 1 :)
Ben
 
Posts: 41
Joined: Mon Mar 08, 2004 2:28 am

