Mailing List Archive

Rate-limiting connections through one host?
I have a slightly unusual RANCID problem - we have some multi-context
Cisco ASAs, where for convenience, each context is backed up as a
separate 'host'. To do that:

1) hostnames are firewallname[contextname]
2) removed some 'force lower case stuff' because our context names are
capitalised
3) Pass the [contextname] bit as a separate parameter to the polling process
4) *rancid script that knows to switch to the correct context
5) some small patches to allow the filename to be different from the hostname

All of that is not standard, but the problem I see now is that rancid
blitzes the firewall with dozens of concurrent connections, as these
"different" devices are all polled together. It occurred to me that
anyone with a terminal server, or some other proxy would see similar
issues though, so maybe there's already a solution for it.

My current plan is to randomize the order of the hosts during
control_rancid passes, so at least it's not deterministic which ones
will fail 3 times, and I get a fairly recent backup of everything.

Has anyone else run across similar issues and found a more elegant solution?

Thanks,

Howard

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss
Re: Rate-limiting connections through one host?
Mon, Feb 26, 2018 at 11:30:36AM +0000, Howard Jones:
> I have a slightly unusual RANCID problem - we have some multi-context
> Cisco ASAs, where for convenience, each context is backed up as a
> separate 'host'. To do that:
>
> 1) hostnames are firewallname[contextname]
> 2) removed some 'force lower case stuff' because our context names are
> capitalised
> 3) Pass the [contextname] bit as a separate parameter to the polling process
> 4) *rancid script that knows to switch to the correct context
> 5) some small patches to allow the filename to be different from the hostname
>
> All of that is not standard, but the problem I see now is that rancid
> blitzes the firewall with dozens of concurrent connections, as these
> "different" devices are all polled together. It occurred to me that
> anyone with a terminal server, or some other proxy would see similar
> issues though, so maybe there's already a solution for it.
>
> My current plan is to randomize the order of the hosts during
> control_rancid passes, so at least it's not deterministic which ones
> will fail 3 times, and I get a fairly recent backup of everything.
>
> Has anyone else run across similar issues and found a more elegant solution?

reduce the number of concurrent connections in <group>/rancid.conf.

Re: Rate-limiting connections through one host?
On 26/02/2018 18:21, heasley wrote:
>
> reduce the number of concurrent connections in <group>/rancid.conf.

Thanks! I didn't know <group>/rancid.conf was a thing!


Re: Rate-limiting connections through one host?
Mon, Feb 26, 2018 at 08:55:05PM +0000, Howard Jones:
> On 26/02/2018 18:21, heasley wrote:
> >
> > reduce the number of concurrent connections in <group>/rancid.conf.
>
> Thanks! I didn't know <group>/rancid.conf was a thing!

it is in 3.something. see the change log.
