[121101] in North American Network Operators' Group
Re: D/DoS mitigation hardware/software needed.
daemon@ATHENA.MIT.EDU (Roger Marquis)
Sun Jan 10 11:20:17 2010
Date: Sun, 10 Jan 2010 08:19:27 -0800 (PST)
From: Roger Marquis <marquis@roble.com>
To: Joe Greco <jgreco@ns.sol.net>
In-Reply-To: <201001101440.o0AEepqD060436@aurora.sol.net>
Cc: nanog@nanog.org
> Then you need to get rid of that '90's antique web server and get
> something modern. When you say "interrupt-bound hardware," all you
> are doing is showing that you're not familiar with modern servers
> and quality operating systems that are designed to mitigate things
> like DDoS attacks.
"Modern" servers? IP is processed in the kernel on web servers,
regardless of OS. Have you configured a kernel lately? Noticed there
are ~3,000 lines in the Linux config file alone? _Lots_ of device
drivers in there, which are interrupt driven and have to be timeshared.
No servers I know do realtime processing (RT kernels don't) or process IP
in ASICs.
What configurations of Linux / BSD / Solaris / etc. do web / email / ntp
/ sip / iptables / ipfw / ... and don't have issues with kernel
locking? Test it on your own servers by mounting a damaged DVD on the
root directory, and dd'ing it to /dev/null. Notice how the ATA/SATA/SCSI
driver impacts the latency of everything on the system. How would you
replicate that on a firmware and ASIC drive appliance?
Roger Marquis