Linux Router distro's with dual stack capability
Kevin Oberman
oberman at es.net
Thu Feb 11 23:46:13 UTC 2010
> Date: Thu, 11 Feb 2010 18:20:13 -0500
> From: Chuck Anderson <cra at WPI.EDU>
>
> On Thu, Feb 11, 2010 at 04:12:03PM -0600, William Pitcock wrote:
> > On Thu, 2010-02-11 at 13:05 -0500, Jack Carrozzo wrote:
> > > Lots of people roll FreeBSD with Quagga/pf/ipfw for dual stack. See
> > > the freebsd-isp list.
> >
> > FreeBSD's network stack chokes up in DDoS attacks due to interrupt
> > flooding. We used to use FreeBSD for firewalling and basic routing, but
> > when noticing that we had horizontal scalability (e.g. a Celeron 667mhz
> > performed nearly as well as a dual dual-core Xeon system when DDoS
> > attacks happened), we switched to Vyatta, and generally have not looked
> > back.
>
> Have you tried using FreeBSD's polling mode instead of interrupt mode?
>
> No experience with it myself, but it sounds cool:
>
> http://info.iet.unipi.it/~luigi/polling/
>
Polling is excellent for low speed lines, but for Gig and faster, most
newer interfaces support interrupt coalescing. This easily resolves the
issue in hardware as interrupts are only issued when needed but limited
to a reasonable rate, Polling does not use interrupts, but consumes
system resources regardless of traffic.
FreeBSD has supported polling for a long time (V6?) and interrupt
coalescing since some release of V7. (Latest release is V8.)
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman at es.net Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
More information about the NANOG
mailing list