[51898] in North American Network Operators' Group
Re: How do you stop outgoing spam?
daemon@ATHENA.MIT.EDU (Rafi Sadowsky)
Mon Sep 9 20:34:48 2002
Date: Tue, 10 Sep 2002 03:32:31 +0300 (IDT)
From: Rafi Sadowsky <rafi-nanog@meron.openu.ac.il>
Reply-To: <nanog@merit.edu>
To: Eliot Lear <lear@cisco.com>
Cc: Paul Vixie <vixie@vix.com>, <nanog@merit.edu>
In-Reply-To: <3D7D399F.1000706@cisco.com>
Errors-To: owner-nanog-outgoing@merit.edu
## On 2002-09-09 17:15 -0700 Eliot Lear typed:
EL>
EL> Paul Vixie wrote:
EL> > per-destination host AND port egress rate shaping. if someone tries to send
EL> > more than 1Kbit/sec to all port 80's, or more than 1Kbit/sec to any single
EL> > IP address, then you can safely RED their overage. this violates the whole
EL> > peer-to-peer model but there's no help for that in the short term. if some
EL> > internet cafe has a CuCme camera setup then you can find a way to let that
EL> > traffic off-net without rate shaping. this will be the exception.
EL>
EL> Please be aware that this could have unintended consequences, and should
EL> be used in very constrained ways. In particular, there are any number
EL> of applications, including VPN applications that use port 80. I would
EL> recommend that only specified destinations get such treatment, if you
EL> apply it at all.
Hi Eliot
Maybe I'm missing something obvious but do how you get rate-limiting per
TCP *flow* with Cisco IOS ?
--
Regards,
Rafi
