{
"#": "-------------------------------------------------------------------",
"#": " PSCHEDULER LIMIT CONFIGURATION ",
"#": " ",
"#": "This file is a sample which contains fairly sane defaults. It ",
"#": "should be customized according to the needs of your site. ",
"#": "-------------------------------------------------------------------",
"schema": 1,
"#": "-------------------------------------------------------------------",
"#": "IDENTIFIERS: WHO'S ASKING? ",
"#": " ",
"#": "These identify who's asking to run the test. One requester can ",
"#": "map to zero or more identifiers. ",
"#": "-------------------------------------------------------------------",
"identifiers": [
{
"name": "everybody",
"description": "An identifier that always identifies",
"type": "always",
"data": { }
},
{
"name": "local-interfaces",
"description": "Requests coming from this system",
"type": "localif",
"data": { }
},
{
"name": "KanREN-PS",
"description": "KanREN PerfSONAR nodes",
"type": "ip-cidr-list",
"data": {
"cidrs": [ "XXXX:XXXX:XXXX::/48", "XXX.XXX.32.0/24", "XXX.XXX.255.0/24" ] "#": "remove this comment, CIDR list annonymized somewhat --CR ",
},
"invert": false
},
{
"#": "In plain English: Identify all requests originating from ",
"#": "one of the addresses in a list of R&E networks downloaded ",
"#": "from ESNet. ",
"name": "r-and-e",
"description": "Requests from research and education networks",
"type": "ip-cidr-list-url",
"data": {
"#": "Where to download the list. Note that this URL may ",
"#": "change in the future. ",
"source": "http://stats.es.net/sample_configs/pscheduler/ren",
"#": "How often to download a fresh copy of the list. ",
"update": "P1D",
"#": "How often to attempt to get the list if the last try to",
"#": "download one failed. Note that if a download fails, ",
"#": "the last-downloaded version will continue to be used. ",
"retry": "PT4H",
"#": "Filter anything within these CIDRs from the list. ",
"exclude": [
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16"
],
"#": "If there is no usable downloaded list, don't identify.",
"fail-state": false
}
},
{
"#": "NOTE: This only works if the host can resolve DNS",
"#": "on the public Internet.",
"name": "bogons",
"description": "Bogon/Martian IPv4 addresses without private networks",
"type": "ip-cymru-bogon",
"data": {
"exclude": [
"10.0.0.0/8",
"127.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16",
"169.254.0.0/16",
"::/8",
"fe80::/10"
],
"timeout": "PT1S",
"fail-result": false
}
},
{
"name": "hackers",
"description": "Blocks that have tried to hack us (actually TEST-NET-2)",
"type": "ip-cidr-list",
"data": {
"cidrs": [ "198.51.100.0/24" ]
}
}
],
"#": "-------------------------------------------------------------------",
"#": "CLASSIFIERS: HOW DO WE CLASSIFY THE IDENTIFIERS? ",
"#": " ",
"#": "These collect identifiers into groups. ",
"#": "-------------------------------------------------------------------",
"classifiers": [
{
"name": "default",
"description": "Everybody",
"identifiers": [ "everybody" ]
},
{
"name": "friendlies",
"description": "Identifiers we find friendly",
"identifiers": [ "local-interfaces","KanREN-PS","r-and-e" ]
},
{
"name": "hostiles",
"description": "Identifiers we find unfriendly",
"identifiers": [ "hackers", "bogons" ]
}
],
"#": "-------------------------------------------------------------------",
"#": "LIMITS: WHAT ARE THE RESTRICTIONS? ",
"#": " ",
"#": "These are comparisons made against the type of test being proposed,",
"#": "the paramaters for the run and when it is proposed to be run. ",
"#": "-------------------------------------------------------------------",
"limits": [
{
"name": "always",
"description": "Always passes",
"type": "pass-fail",
"data": {
"pass": true
}
},
{
"name": "never",
"description": "Always fails",
"type": "pass-fail",
"data": {
"pass": false
}
},
{
"#": "This prevents denial of service by scheduling long tasks.",
"name": "idleex-default",
"description": "Default limits for idleex",
"type": "test",
"data": {
"test": "idleex",
"limit": {
"duration": {
"range": {
"lower": "PT1S",
"upper": "PT2S"
}
}
}
}
},
{
"name": "innocuous-tests",
"description": "Tests considered harmless",
"type": "test-type",
"data": {
"#": "Resource hogs, which will be inverted below",
"types": [ "throughput", "idleex" ]
},
"invert": true
},
{
"name": "throughput-default-template",
"description": "Template for throughput defaults",
"type": "test",
"data": {
"test": "throughput",
"limit": {
"duration": {
"range": {
"lower": "PT5S",
"upper": "PT60S"
}
}
}
}
},
{
"name": "throughput-default-udp",
"description": "UDP throughput for all requesters",
"clone": "throughput-default-template",
"data": {
"limit": {
"bandwidth": {
"range": {
"lower": "1",
"upper": "50M"
}
},
"udp": {
"match": true
}
}
}
},
{
"name": "throughput-default-tcp",
"description": "TCP throughput for all requesters",
"clone": "throughput-default-template",
"data": {
"limit": {
"udp": {
"match": false
}
}
}
}
],
"#": "-------------------------------------------------------------------",
"#": "APPLICATIONS: TO WHOM DO WE APPLY THE LIMITS? ",
"#": " ",
"#": "These are processed in order until one passes all of the ",
"#": "requirements. The run will be rejected if one fails with ",
"#": "stop-on-failure set to true or none of them passes. ",
"#": "-------------------------------------------------------------------",
"applications": [
{
"description": "Hosts we don't want running any tests",
"classifier": "hostiles",
"apply": [
{ "require": "all", "limits": [ "never" ] }
],
"stop-on-failure": true
},
{
"description": "Hosts we trust to do everything",
"classifier": "friendlies",
"apply": [
{ "require": "all", "limits": [ "always" ] }
]
},
{
"description": "Defaults applied to non-friendly hosts",
"classifier": "default",
"apply": [
{
"require": "any",
"limits": [
"innocuous-tests",
"throughput-default-tcp",
"throughput-default-udp",
"idleex-default"
]
}
]
}
]
}