Syafril Hermansyah said the following on 22/04/08 09:22 +07:00:
|Windows socket filtering (TCP packet filtering), even the most efficient
|and well-configured, will reduce bandwidth capacity by at least 20%.
|Under normal conditions, and if your bandwidth is large, this is not a
|problem, but if the sender's bandwidth is small or has problems (for
|example, internet traffic is disrupted), you will find that a lot of
|incoming mail cannot get in (time out).
Is there a reference for that, Pak Syafril?
I already gave one link yesterday; if that is not enough, just search on
Google or another search engine.
Packet filtering, after all, works like a security guard (SATPAM),
inspecting the packets that pass through one by one, so it is logical that
it slows down TCP packet traffic.
If the packets being passed are for the HTTP protocol, it is not much of a
problem, because the HTTP protocol does not specify idle timeouts strictly;
with the mail protocol, each SMTP command has its own idle timeout
(different from one another), and these are generally short (except for
the DATA command, which is the longest).
Here is some additional reading:
http://www.greatcircle.com/pkt_filtering.html
A short excerpt:
Complications due to IP fragmentation
Yet another complication to packet filtering is IP packet fragmentation.
IP supports the notion that any router along a packet's path may
"fragment" that packet into several smaller packets, to accommodate the
limitations of underlying media, to be reassembled into the original IP
packet at the destination.
This packet fragmentation makes traffic slow.
Another affliction is paranoid people who simply block all incoming ports
(except certain ports, for example port 25); everything outside those is
blocked. This hampers multitasking because return packets are blocked.
TCP and UDP source port are often omitted from filtering criteria
Another problem is that current filtering implementations often omit the
source UDP/TCP port from consideration in filtering rules, leading to
common cases where it is impossible to allow both inbound and outbound
traffic to a service without opening up gaping holes to other services.
For instance, without being able to consider both the source and
destination port numbers of a given packet, you can't allow inbound SMTP
connections to internal machines (for inbound email) and outbound SMTP
connections to all external machines (so that you can send outbound
mail) without ending up allowing all connections between internal and
external machines where both ends of the connection are on ports at or
above port 1024.
Secure (protected) is good, but Safe (free from harm) is far more
important.
--
syafril
-------
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 10.0 Beta B
Please do not cc: or send to private mail for MDaemon matters.
--
--[MDaemon-L]------------------------------------------------
This mailing list is for discussion among users of MDaemon Mail Server.
Please do not post in HTML format; make sure to always use plain-text
format.
Archive : <http://mdaemon-l.dutaint.com>
Unsubscribe : send mail to MDaemon-L-unsubscribe [at] dutaint.com
Subscribe : send mail to MDaemon-L-subscribe [at] dutaint.com
Latest versions : MD 9.6.5, MDSP 3.0.6, MOC 2.2.0
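
The source-port problem from the excerpt quoted in the message above, as an added example that is not part of the original post or of the cited article: a stateless allow-list filter modelled in Python, once with rules that see only the destination port and once with rules that see both ports. The class names, rule sets and sample packets are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Tuple

ANY = (0, 65535)
SMTP = (25, 25)
HIGH = (1024, 65535)  # ports at or above 1024, as in the excerpt

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" = external -> internal, "out" = internal -> external
    sport: int
    dport: int

@dataclass(frozen=True)
class Rule:
    direction: str
    sport: Tuple[int, int]
    dport: Tuple[int, int]

    def matches(self, p: Packet) -> bool:
        return (p.direction == self.direction
                and self.sport[0] <= p.sport <= self.sport[1]
                and self.dport[0] <= p.dport <= self.dport[1])

def allowed(rules, pkt: Packet) -> bool:
    """Stateless allow-list: pass if any rule matches, otherwise deny."""
    return any(r.matches(pkt) for r in rules)

# Filter that cannot consider the source port (sport is always ANY).
DST_ONLY = [Rule("in", ANY, SMTP), Rule("out", ANY, HIGH),   # inbound mail + replies
            Rule("out", ANY, SMTP), Rule("in", ANY, HIGH)]   # outbound mail + replies
# Filter that considers both source and destination port.
SRC_DST = [Rule("in", HIGH, SMTP), Rule("out", SMTP, HIGH),
           Rule("out", HIGH, SMTP), Rule("in", SMTP, HIGH)]

# Constructed sample packets (port numbers are arbitrary illustrations).
SAMPLES = {
    "inbound SMTP":            Packet("in", 40000, 25),
    "reply to inbound SMTP":   Packet("out", 25, 40000),
    "outbound SMTP":           Packet("out", 41000, 25),
    "reply to outbound SMTP":  Packet("in", 25, 41000),
    "inbound high-to-high":    Packet("in", 5000, 6000),
    "outbound high-to-high":   Packet("out", 5000, 6000),
}

def compare():
    """Map each sample name to (allowed by DST_ONLY, allowed by SRC_DST)."""
    return {n: (allowed(DST_ONLY, p), allowed(SRC_DST, p)) for n, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (dst_only, src_dst) in compare().items():
        print(f"{name:24} dst-only={dst_only!s:5} src+dst={src_dst}")
```

Both rule sets pass all four SMTP packets; only the destination-only set also passes the two packets where both ends are on ports at or above 1024.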