| Sun | Mon | Tue | Wed | Thu | Fri | Sat |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | |||
| 5 | 6 | 7 | 8 | 9 | 10 | 11 |
| 12 | 13 | 14 | 15 | 16 | 17 | 18 |
| 19 | 20 | 21 | 22 | 23 | 24 | 25 |
| 26 | 27 | 28 | 29 | 30 | 31 |
Archives
February 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
July 2004
June 2004
May 2004
April 2004
March 2004
February 2004
January 2004
December 2003
November 2003
PacketShaper tuning
I tweaked the PacketShaper a little this afternoon, after numerous comments that incoming connections were taking a long time (particularly e-mail related ones, like IMAP, and from multiple people). I think the single biggest thing I did was to bump up the priority on the Default class for the main college address space from priority 1 to priority 3 (higher is better). I seem to recall an offhand comment on the list at some point that the first few packets of a flow are usually unclassified and thus put into Default. Increasing the priority of that lets them through faster and then lets them get classified faster, allowing them to take advantage of the policies and partitions for their particular traffic type that much sooner. IMAP feels a lot faster, both in Pine and Mail.app now.
SSH blocks
Put some blocking rules on the shaper for SSH scan attempts this morning. Mainly tightening up access to the server net.
I allow access to a few hosts on the server net from anywhere, access to any host from the server net from a few nets, and any access to anything off the server net. The last is done with a range keyword in the rule, and the others are done with host lists.
PacketShaper under control
After a week of fiddling, I think the PacketShaper is under control again. I’ve been living on the student net and making things reasonably responsive over here, and I believe not to the detriment of the college-owned net.
First, I believe that every fall we should run the shaper in discovery mode to pick up the new applications people are running. This should be done with the latest PacketWise release and classification plugins. That seemed to help a lot last week, picking up a number of new games and P2P apps.
Second, understand how to effectively put policies on different traffic patterns, recognizing the difference between requests and responses. It is better to put a middle to high priority policy on HTTP request traffic and then put a sliding rate policy of middle to high priority on the HTTP response. THe request is small and doesn’t care about per-flow bandwidth limits while the response can be much larger and can effectively be shaped on a per-flow basis. Interactive stuff, including POP3 and IMAP need to have pretty high priority, but again we can differentiate between those services hosted here and used from off campus versus those hosted elsewhere and used from on campus (the latter not getting as high priority). Background stuff, like SMTP, can be given a fairly low priority policy, but shouldn’t be shaped any other way.
Today I also set up some scheduled jobs to run on the shaper. Weekday evenings I increase web browsing and gaming bandwidth a bit, and then decrease them again weekday mornings. This means that at night and over the weekends some of the student-initiated traffic ought to see a better response than with static rules.
I think I’ll continue hanging out here on the student net for a little while, but at this point things seem to be working fairly well.
On the student net
After a number of complaints of slowness on the student network, I’ve set up my laptop on the student switch for the week. I’ve made some PacketShaper adjustments, and I’ll continue to make adjustments until it seems like we’ve got a usable pipe. I won’t be able to pick up on after hours slowness or problems confined to a single building, but I can at least work on Internet usability.
New look
I put a new look on these pages. I stole the style sheet from WebDB, with numerous hacks to make it MT-happy, and then hacked up the templates to make them style sheet-happy.
Power shutdown normal
The yearly power shutdown went well on Saturday, aside from a few glitches in renumbering for Impulse Point. This is probably the last time we’ll need to shut down for a day when they do the power maintenance.
The machine room upgrade is progressing well, and within the next month we should have a generator for handling future power outages.
Minor details: PAX had slight issues coming up — it tries to mount NFS partitions prior to starting named, and it uses itself for DNS resolution. Changed so that it’s using EIRENE instead, which depends on nothing.
A view from the basement
Congratulations, class of 2005. A lot has happened in the past four years.
I remember the first big batch of accounts I created — the class of ‘05. Looking for collisions, checking them by hand.
This class saw the expansion of the general server pool from one to eleven, plus or minus. That first server is still in service, although it’s probably headed for retirement soon. They’ve gone from a single server which crashed frequently to a pool that normally gets restarted only when we have power shutdowns.
This class saw the shift from the single general server running Linux to the elimination of Linux from the server pool (in favor of FreeBSD and Solaris).
This class has always seen servers with their names taken from various languages’ words for “peace”.
This class has always had a Windows 2000 domain, run by Samba acting as the domain controller.
This class saw the replacement of TWIG with SquirrelMail, but probably barely remembers the former. They saw the introduction of e-mail quotas, and later home directory quotas.
The disk space used by this class’s home directories has grown by an order of magnitude since the end of their first semester. The number of e-mail messages they’ve sent and received has increased by a factor of five. They have always had their mail scanned for malicious attachments.
This class has gone from 10mbps shared hubs to 100mbps switched networks in their dorm rooms. When they were able to live in campus houses, wireless was there for them.
I’m sure there’s more, but that gives a taste of what’s happened in four years.
