[122329] in North American Network Operators' Group
Re: Linux Router distro's with dual stack capability
daemon@ATHENA.MIT.EDU (Kevin Oberman)
Thu Feb 11 18:46:56 2010
To: Chuck Anderson <cra@WPI.EDU>
In-reply-to: Your message of "Thu, 11 Feb 2010 18:20:13 EST."
<20100211232013.GS27179@angus.ind.WPI.EDU>
Date: Thu, 11 Feb 2010 15:46:13 -0800
From: "Kevin Oberman" <oberman@es.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> Date: Thu, 11 Feb 2010 18:20:13 -0500
> From: Chuck Anderson <cra@WPI.EDU>
>
> On Thu, Feb 11, 2010 at 04:12:03PM -0600, William Pitcock wrote:
> > On Thu, 2010-02-11 at 13:05 -0500, Jack Carrozzo wrote:
> > > Lots of people roll FreeBSD with Quagga/pf/ipfw for dual stack. See
> > > the freebsd-isp list.
> >
> > FreeBSD's network stack chokes up in DDoS attacks due to interrupt
> > flooding. We used to use FreeBSD for firewalling and basic routing, but
> > when noticing that we had horizontal scalability (e.g. a Celeron 667mhz
> > performed nearly as well as a dual dual-core Xeon system when DDoS
> > attacks happened), we switched to Vyatta, and generally have not looked
> > back.
>
> Have you tried using FreeBSD's polling mode instead of interrupt mode?
>
> No experience with it myself, but it sounds cool:
>
> http://info.iet.unipi.it/~luigi/polling/
>
Polling is excellent for low speed lines, but for Gig and faster, most
newer interfaces support interrupt coalescing. This easily resolves the
issue in hardware as interrupts are only issued when needed but limited
to a reasonable rate, Polling does not use interrupts, but consumes
system resources regardless of traffic.
FreeBSD has supported polling for a long time (V6?) and interrupt
coalescing since some release of V7. (Latest release is V8.)
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
