Example perfSONAR Limits File

{

    "#": "-------------------------------------------------------------------",

    "#": "                 PSCHEDULER LIMIT CONFIGURATION                    ",

    "#": "                                                                   ",

    "#": "This file is a sample which contains fairly sane defaults.  It     ",

    "#": "should be customized according to the needs of your site.          ",

    "#": "-------------------------------------------------------------------",




    "schema": 1,




    "#": "-------------------------------------------------------------------",

    "#": "IDENTIFIERS:  WHO'S ASKING?                                        ",

    "#": "                                                                   ",

    "#": "These identify who's asking to run the test.  One requester can    ",

    "#": "map to zero or more identifiers.                                   ",

    "#": "-------------------------------------------------------------------",




    "identifiers": [

        {

            "name": "everybody",

            "description": "An identifier that always identifies",

            "type": "always",

            "data": { }

        },

        {

            "name": "local-interfaces",

            "description": "Requests coming from this system",

            "type": "localif",

            "data": { }

        },

        {

            "name": "KanREN-PS",

            "description": "KanREN PerfSONAR nodes",

            "type": "ip-cidr-list",

            "data": {

                "cidrs": [ "XXXX:XXXX:XXXX::/48", "XXX.XXX.32.0/24", "XXX.XXX.255.0/24"  ]  "#": "remove this comment, CIDR list annonymized somewhat --CR  ",

            },

            "invert": false

        },

        {

            "#": "In plain English:  Identify all requests originating from  ",

            "#": "one of the addresses in a list of R&E networks downloaded  ",

            "#": "from ESNet.                                                ",




            "name": "r-and-e",

            "description": "Requests from research and education networks",

            "type": "ip-cidr-list-url",

            "data": {




                "#": "Where to download the list.  Note that this URL may    ",

                "#": "change in the future.                                  ",

                "source": "http://stats.es.net/sample_configs/pscheduler/ren",




                "#": "How often to download a fresh copy of the list.        ",

                "update": "P1D",




                "#": "How often to attempt to get the list if the last try to",

                "#": "download one failed.  Note that if a download fails,   ",

                "#": "the last-downloaded version will continue to be used.  ",

                "retry": "PT4H",




                "#": "Filter anything within these CIDRs from the list.      ",

                "exclude": [

                    "10.0.0.0/8",

                    "172.16.0.0/12",

                    "192.168.0.0/16"

                ],




                "#": "If there is no usable downloaded list, don't identify.",

                "fail-state": false

            }

        },

        {

            "#": "NOTE: This only works if the host can resolve DNS",

            "#": "on the public Internet.",




            "name": "bogons",

            "description": "Bogon/Martian IPv4 addresses without private networks",

            "type": "ip-cymru-bogon",

            "data": {

                "exclude": [

                    "10.0.0.0/8",

                    "127.0.0.0/8",

                    "172.16.0.0/12",

                    "192.168.0.0/16",

                    "169.254.0.0/16",

                    "::/8",

                    "fe80::/10"

                    ],

                "timeout": "PT1S",

                "fail-result": false

            }

        },

        {

            "name": "hackers",

            "description": "Blocks that have tried to hack us (actually TEST-NET-2)",

            "type": "ip-cidr-list",

            "data": {

                "cidrs": [ "198.51.100.0/24" ]

            }

        }

    ],





    "#": "-------------------------------------------------------------------",

    "#": "CLASSIFIERS:  HOW DO WE CLASSIFY THE IDENTIFIERS?                  ",

    "#": "                                                                   ",

    "#": "These collect identifiers into groups.                             ",

    "#": "-------------------------------------------------------------------",




    "classifiers": [

        {

            "name": "default",

            "description": "Everybody",

            "identifiers": [ "everybody" ]

        },

        {

            "name": "friendlies",

            "description": "Identifiers we find friendly",

            "identifiers": [ "local-interfaces","KanREN-PS","r-and-e" ]

        },

        {

            "name": "hostiles",

            "description": "Identifiers we find unfriendly",

            "identifiers": [ "hackers", "bogons" ]

        }

    ],





    "#": "-------------------------------------------------------------------",

    "#": "LIMITS:  WHAT ARE THE RESTRICTIONS?                                ",

    "#": "                                                                   ",

    "#": "These are comparisons made against the type of test being proposed,",

    "#": "the paramaters for the run and when it is proposed to be run.      ",

    "#": "-------------------------------------------------------------------",




    "limits": [

        {

            "name": "always",

            "description": "Always passes",

            "type": "pass-fail",

            "data": {

                "pass": true

            }

        },

        {

            "name": "never",

            "description": "Always fails",

            "type": "pass-fail",

            "data": {

                "pass": false

            }

        },

        {

            "#": "This prevents denial of service by scheduling long tasks.",

            "name": "idleex-default",

            "description": "Default limits for idleex",

            "type": "test",

            "data": {

                "test": "idleex",

                "limit": {

                    "duration": {

                        "range": {

                            "lower": "PT1S",

                            "upper": "PT2S"

                        }

                     }

                }

            }

        },




        {

            "name": "innocuous-tests",

            "description": "Tests considered harmless",

            "type": "test-type",

            "data": {

                "#": "Resource hogs, which will be inverted below",

                "types": [ "throughput", "idleex" ]

            },

            "invert": true

        },

        {

            "name": "throughput-default-template",

            "description": "Template for throughput defaults",

            "type": "test",

            "data": {

                "test": "throughput",

                "limit": {

                    "duration": {

                        "range": {

                            "lower": "PT5S",

                            "upper": "PT60S"

                        }

                     }

                }

            }

        },

        {

            "name": "throughput-default-udp",

            "description": "UDP throughput for all requesters",

            "clone": "throughput-default-template",

            "data": {

                "limit": {

                    "bandwidth": {

                        "range": {

                            "lower": "1",

                            "upper": "50M"

                        }

                    },

                    "udp": {

                        "match": true

                    }

                }

            }

        },

        {

            "name": "throughput-default-tcp",

            "description": "TCP throughput for all requesters",

            "clone": "throughput-default-template",

            "data": {

                "limit": {

                    "udp": {

                        "match": false

                    }

                }

            }

        }

    ],





    "#": "-------------------------------------------------------------------",

    "#": "APPLICATIONS:  TO WHOM DO WE APPLY THE LIMITS?                     ",

    "#": "                                                                   ",

    "#": "These are processed in order until one passes all of the           ",

    "#": "requirements.  The run will be rejected if one fails with          ",

    "#": "stop-on-failure set to true or none of them passes.                ",

    "#": "-------------------------------------------------------------------",




    "applications": [

        {

            "description": "Hosts we don't want running any tests",

            "classifier": "hostiles",

            "apply": [

                { "require": "all", "limits": [ "never" ] }

            ],

            "stop-on-failure": true

        },

        {

            "description": "Hosts we trust to do everything",

            "classifier": "friendlies",

            "apply": [

                { "require": "all", "limits": [ "always" ] }

            ]

        },

        {

            "description": "Defaults applied to non-friendly hosts",

            "classifier": "default",

            "apply": [

                {

                    "require": "any",

                    "limits": [

                        "innocuous-tests",

                        "throughput-default-tcp",

                        "throughput-default-udp",

                        "idleex-default"

                    ]

                }

            ]

        }

    ]

}