[157339] in North American Network Operators' Group

home help back first fref pref prev next nref lref last post

Re: Attacking on Source Port 0 (ZERO)

daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Mon Oct 15 22:47:39 2012

From: "Dobbins, Roland" <rdobbins@arbor.net>
To: NANOG list <nanog@nanog.org>
Date: Tue, 16 Oct 2012 02:47:24 +0000
In-Reply-To: <2F8495EC-B5A0-42CF-9503-DC917EC117BA@gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Oct 16, 2012, at 8:57 AM, Ryan Malayter wrote:

> 10G+ forwarding with minimum packet sizes is possible on a single core us=
ing optimized kernels (see Intel DPDK and PF_RING DNA).

Of course it isn't.  You can *approach* 10gb/sec with multiple cores and mi=
nimum packet sizes, granted.

> You don't need to handle more packets than you can possibly receive over =
your interfaces.

Yes, you do, because forwarding 64-byte packets at 'line-rate', whilst very=
 important, isn't the only metric.

I know all about the forwarding capabilities of modern general-purpose CPUs=
, ring-buffers, et. al.  I know what is possible, and what isn't possible. =
 And please, no more from the Vyatta crowd, et. al. - they're like the s/Fl=
ow shouters, only more so.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton



home help back first fref pref prev next nref lref last post