ESnet perfSONAR limits file
ESnet allows testing to its perfSONAR hosts from any host in the world connected to a Research and Education (R&E) Network. This is controlled via a nightly cron job that generates updated files from the ESnet routing tables; these files are included in the /etc/pscheduler/limits.conf file (was /etc/bwctl-server.limits in v3.5). This configuration file tells pScheduler/bwctld which subnets can initiate a test, and what test parameters are allowed (e.g. test duration, protocol, etc.).
If you wish to restrict access to your perfSONAR host to only R&E hosts, we recommend configuring pScheduler (perfSONAR 4.x) or bwctld (perfSONAR 3.x) to use these files.
The files are available at: http://stats.es.net/sample_configs/pscheduler/ and http://stats.es.net/sample_configs/bwctl-server.limits.
pScheduler will automatically download these files daily if you add their URL to the pScheduler limits.conf file.
Limits File Content and Structure
The complete documentation for the pScheduler limits system is available at docs.perfsonar.net.
Example classes you can add to the limits file include:
- esnet (addresses for ESnet-owned hosts)
- sites (address blocks from ESnet sites)
- collaborators (address blocks for specific ESnet collaborators)
- ren (address blocks reachable via research and education networks)
- amazon (amazon.com addresses, e.g. for AWS or EC2 instances)
The ESnet limits file permits tests from the named classes, and denies all other tests. This means that most of the commodity Internet (e.g. home broadband networks, smart phones, 3G/4G broadband modems, etc.) cannot run throughput tests to the ESnet perfSONAR hosts.
Note that perfSONAR 4.0 hosts running bwctl for backward compatibility will need to follow the instructions below to add limits to bwctl as well.
Using the ESnet bwctl-server.limits file (for perfSONAR v3.5 hosts)
If you wish to configure your throughput test hosts with a policy identical to the ESnet policy, you need only download the latest file once per day and install it on your test hosts.
To use the ESnet bwctl-server.limits file, get this file from ESnet as follows:
mv bwctl-server.limits bwctl-server.limits.dist
wget --no-check-certificate http://stats.es.net/sample_configs/bwctl-server.limits
ESnet provides a shell script suitable for use by cron that will download and install the latest bwctl-server.limits file. The limits file is generated once per day between 20:00 and 21:00 Pacific Time. You can run the shell script from cron to keep your bwctld.limits file up to date (it is recommended that you do this outside the time window when the new file is being generated). To download the shell script from the ESnet server do the following:
wget --no-check-certificate http://stats.es.net/sample_configs/update_limits.sh
chmod +x update_limits.sh
To have cron run the update script, install a cron job like so:
Add this line:
1 1 * * * (/etc/bwctld/update_limits.sh) > /var/log/update_limits.log 2>&1
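The download above uses plain HTTP with --no-check-certificate, so nothing authenticates the file that ends up deciding who may run tests against the host. The shell functions below are an added example, not ESnet's update_limits.sh: they reject a fetched file that does not look like a limits file before it replaces the live one. The bwctld syntax they check for, the requirement of an "assign default" line, and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not ESnet's update_limits.sh.
# Assumed bwctld limits syntax: "limit <class> with ..." and
# "assign net|default|user ..." statements, "#" comments, "\" continuations.

# validate_limits FILE: return 0 only if FILE looks like a usable limits file.
validate_limits() {
    [ -s "$1" ] || return 1    # missing or empty download
    awk '
        cont { cont = ($0 ~ /\\[ \t]*$/); next }    # continuation line
        /^[ \t]*(#|$)/ { next }                     # comment or blank
        /^[ \t]*limit[ \t]+[^ \t]+[ \t]+with[ \t]/ { limits++ }
        /^[ \t]*assign[ \t]+net[ \t]/     { nets++ }
        /^[ \t]*assign[ \t]+default[ \t]/ { defaults++ }
        !/^[ \t]*(limit|assign)[ \t]/     { bad++ }  # e.g. an HTML error page
        { cont = ($0 ~ /\\[ \t]*$/) }
        END { exit !(bad == 0 && limits > 0 && nets > 0 && defaults > 0) }
    ' "$1"
}

# install_limits NEW TARGET: validate NEW, keep the old TARGET as TARGET.dist,
# then move NEW into place. A rejected NEW leaves TARGET untouched.
install_limits() {
    new=$1
    target=$2
    if ! validate_limits "$new"; then
        echo "rejected $new; keeping $target" >&2
        return 1
    fi
    if [ -f "$target" ]; then
        cp -p "$target" "$target.dist"
    fi
    mv -f "$new" "$target"    # atomic when NEW is on the same filesystem
}

# Stand-alone use: sh this_script NEW TARGET
if [ "$#" -eq 2 ]; then
    install_limits "$1" "$2"
fi
```

Have the cron job download to a temporary name in the same directory as the live file, then call install_limits on it.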
Note that the limits file contains (as a side effect) the R&E routing table from ESnet’s perspective. The combination of the esnet, sites, and ren classes provides a list of prefixes that ESnet and ESnet sites can reach via science networks. This list of prefixes is compiled from the ESnet backbone routing table, and is derived from the prefixes received from peerings with other science networks. Aggregation is done where possible to reduce the prefix count.