D/DoS mitigation hardware/software needed.
marquis at roble.com
Sun Jan 10 16:19:27 UTC 2010
> Then you need to get rid of that '90's antique web server and get
> something modern. When you say "interrupt-bound hardware," all you
> are doing is showing that you're not familiar with modern servers
> and quality operating systems that are designed to mitigate things
> like DDoS attacks.
"Modern" servers? IP is processed in the kernel on web servers,
regardless of OS. Have you configured a kernel lately? Noticed there
are ~3,000 lines in the Linux config file alone? _Lots_ of device
drivers in there, which are interrupt driven and have to be timeshared.
No servers I know do realtime processing (RT kernels don't) or process IP
What configurations of Linux / BSD / Solaris / etc. do web / email / ntp
/ sip / iptables / ipfw / ... and don't have issues with kernel
locking? Test it on your own servers by mounting a damaged DVD on the
root directory, and dd'ing it to /dev/null. Notice how the ATA/SATA/SCSI
driver impacts the latency of everything on the system. How would you
replicate that on a firmware and ASIC driven appliance?