Firewall Wizards mailing list archives
Re: syslog and network management
From: "Paul D. Robertson" <paul () compuwar net>
Date: Thu, 13 Mar 2008 11:43:14 -0500 (EST)
On Mon, 3 Mar 2008, Darden, Patrick S. wrote:
UDP is a LOT faster than TCP. No ECC so it uses less cpu, less memory, and has less of a memory footprint. If you were dropping a lot of UDP, then TCP would not help at all--you would receive less, just more reliably.
First, Cisco routers drop UDP on overload before they drop TCP, so if your log server isn't on the same subnet, that may mean TCP is a better choice if you're getting flooded.

Second, it depends on your buffers with TCP, but at least you'd know on the receiving end that you're dropping packets. With buffer tuning, you may be able to withstand flooding the log server and catching up again.

Third, I'm pretty sure the RFCs say that UDP must default to checksumming packets.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
http://www.fluiditgroup.com/blog/pdr/
Art: http://PaulDRobertson.imagekind.com/

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards