I work as network engineer on an ISP and i’m trying to deploy some kind of solution about policing/shapping P2P traffic. Any of you have experience about this using Zeroshell+IPP2P? Talking about 600mb traffic, what kind of hardware do you think could be capable to handle this?
By the way, do you know if IPP2P works under a MPLS enviroment?
I haven’t experience with L7-Filter, IPP2P and a throughput greater than 100Mbit/S. In this condition I use a dual Pentium 3 1000MHz with 1GB of RAM and the load average is very low. But actually the problem when you use the layer 7 filter (the same for IPP2P) is the number of new connections per second and not the throughput, because these netfilter modules examine only a few packets of the initial connection. The rest of connection traffic is classified by using the connection tracking which doesn’t need of much CPU power, but only of RAM to store information about the connections.
I think the best solution is to use a multicore CPU of the last generation with at least 1GB of RAM.
I haven’t tried these filters in a MPLS environment, but in any case they work at IP layer and I don’t think MPLS can be a problem at that level.
In the future I will include in Zeroshell a SNMP agent from which will be possible to retrieve statistics such as the traffic shaping classification. You will be ale to store and view them by using a web tool such as MRTG.