We don't 500 based on hit rate, rather concurrent connections. I considered taking it further with IP banning but it's really not needed. 500'ing of the Nth concurrent connection does the trick. Once they drop one of their connections, they can make new ones again. What I've noticed is that the concurrent yum connection is always very low, usually one or two concurrent at most. Yum clients have little to worry about, in fact even with global iplimit (not just ISO) no yum client was ever blocked. I limited it to iso files only 'just in case'. -- Randy www.FastServ.com ---------- Original Message ----------- From: Karanbir Singh <mail-lists at karan.org> To: "Mailing list for CentOS mirrors." <centos-mirror at centos.org> Sent: Sat, 23 Jan 2010 14:29:27 +0000 Subject: Re: [CentOS-mirror] Chinese IPs - Mirror Stats > On 01/23/2010 02:11 AM, Randy McAnally wrote: > > We only IPlimit .iso files and that solved the problem. Either way, even if > > you are sending 500's the yum clients at the NAT site will fail over to > > another mirror. What's the big deal?? > > doing this only for .iso files is fine. but doing it for all files > is not. the 'big deal' is that if all the mirrors were doing this > form of rate limiting for all files on their servers, its academic > for yum to fall over to the next mirror, since that one will be > blocking access as well. > > besides, lets not forget that yum can itself download, even from 1 > machine, more than 5 packages in a minute. So doing a block across > all files for 5/min is not a good idea. > > - KB > _______________________________________________ > CentOS-mirror mailing list > CentOS-mirror at centos.org > http://lists.centos.org/mailman/listinfo/centos-mirror ------- End of Original Message -------