[122226] in North American Network Operators' Group


Re: black listing of web traffic

daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Tue Feb 9 19:45:30 2010

To: Andrey Gordon <andrey.gordon@gmail.com>
In-Reply-To: Your message of "Tue, 09 Feb 2010 17:44:01 EST."
	<90ccfc91002091444n5a9fb96ak76b55fefb8cc014c@mail.gmail.com>
From: Valdis.Kletnieks@vt.edu
Date: Tue, 09 Feb 2010 19:28:33 -0500
Cc: Nanog <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Tue, 09 Feb 2010 17:44:01 EST, Andrey Gordon said:

> It does seem much like NAT exhaustion even though the f/w claims only 13K
> session for two dynamic NATs and about 20 static ones.
> What I don't get is why there is consistency in opening sites. Why does
> facebook open all the time and store.apple.com barely opens all the time.

This sounds like possibly a hash table with a spectacularly poor hash function,
causing most of your entries to be in only a few hash buckets.  You hit one
of the 497 buckets that has 0 or 1 or 3 entries, it works great. You hit one
of 3 buckets that has 4,000+ entries in it, things suck. (You Linux geeks
can quit smirking - Linux had a very similar issue in its networking stack
not so long ago).

Never underestimate the ability of vendor engineers to write hilariously
poor code:

http://thedailywtf.com/Articles/Else-where.aspx

You really gotta assume that your firewall code (or any other code, for that
matter) was written by that programmer until proved otherwise.

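The bucket-skew explanation in the reply above is easy to reproduce. The following is an added illustration, not code from the thread or from any firewall vendor: it fills a fixed-size chained hash table with constructed NAT 5-tuples twice, once keyed by destination port alone (the "spectacularly poor hash function") and once by a mixing hash over the whole tuple, then reports chain lengths and the cost of a lookup for a new HTTPS flow. The table size of 500 buckets, the TEST-NET destination addresses, the client count and the use of BLAKE2b as the stand-in mixing hash are all assumptions made for the example.

```python
"""Constructed demonstration of hash-bucket skew in a NAT session table.

Assumptions (not taken from the thread): 500 buckets, 2000 inside hosts,
three TEST-NET destinations, BLAKE2b as a stand-in for a good mixing hash.
"""
import hashlib
import struct

BUCKETS = 500  # assumed table size for the illustration

# Constructed sample destinations (RFC 5737 TEST-NET addresses, not real sites).
DESTS = [
    (bytes([203, 0, 113, 10]), 443),   # stands in for "site A" over HTTPS
    (bytes([198, 51, 100, 20]), 443),  # stands in for "site B" over HTTPS
    (bytes([192, 0, 2, 30]), 80),      # a plain-HTTP destination
]


def build_flows(n_clients=2000):
    """Return constructed 5-tuples: every inside host talks to every DESTS entry."""
    flows = []
    for i in range(n_clients):
        src_ip = bytes([10, 0, i // 256, i % 256])
        for j, (dst_ip, dst_port) in enumerate(DESTS):
            src_port = 40000 + (i * 7 + j) % 20000
            flows.append((src_ip, src_port, dst_ip, dst_port, 6))  # 6 = TCP
    return flows


def weak_hash(flow):
    """Poor hash: destination port only, so every flow to one service collides."""
    dst_port = flow[3]
    return dst_port % BUCKETS


def mixing_hash(flow):
    """Hash over the whole tuple; BLAKE2b stands in for a proper mixing function."""
    src_ip, src_port, dst_ip, dst_port, proto = flow
    key = struct.pack("!4sH4sHB", src_ip, src_port, dst_ip, dst_port, proto)
    digest = hashlib.blake2b(key, digest_size=4).digest()
    return int.from_bytes(digest, "big") % BUCKETS


def build_table(flows, hash_fn):
    """Chained hash table: a list of buckets, each a list of flows."""
    table = [[] for _ in range(BUCKETS)]
    for flow in flows:
        table[hash_fn(flow)].append(flow)
    return table


def table_stats(table):
    lengths = [len(bucket) for bucket in table]
    return {
        "max_chain": max(lengths),
        "nonempty": sum(1 for n in lengths if n),
        "mean": sum(lengths) / BUCKETS,
    }


def lookup_cost(table, hash_fn, flow):
    """Number of entries compared to find `flow`; a miss scans the whole chain."""
    bucket = table[hash_fn(flow)]
    for steps, entry in enumerate(bucket, start=1):
        if entry == flow:
            return steps
    return len(bucket)


def compare(n_clients=2000):
    """Fill the table with both hashes and report skew plus the cost of a new HTTPS flow."""
    flows = build_flows(n_clients)
    # A not-yet-seen client opening a connection to site A: a lookup miss,
    # which is exactly the case a new session has to pay for.
    probe = (bytes([10, 0, 255, 255]), 65000, DESTS[0][0], DESTS[0][1], 6)
    results = {}
    for name, fn in (("weak", weak_hash), ("mixing", mixing_hash)):
        table = build_table(flows, fn)
        stats = table_stats(table)
        stats["miss_cost_https"] = lookup_cost(table, fn, probe)
        results[name] = stats
    return results


if __name__ == "__main__":
    for name, stats in compare().items():
        print(name, stats)
```

With the weak hash every HTTPS flow lands in bucket 443 and every HTTP flow in bucket 80, so two of the 500 buckets hold all 6000 entries and a new HTTPS session walks a 4000-entry chain, while the mixing hash keeps chains near the mean of 12. That is the asymmetry the reply describes: the destination service, not the load, decides which flows are slow.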