nanog mailing list archives
Re: D/DoS mitigation hardware/software needed.
From: Roger Marquis <marquis () roble com>
Date: Sun, 10 Jan 2010 08:19:27 -0800 (PST)
Then you need to get rid of that '90's antique web server and get something modern. When you say "interrupt-bound hardware," all you are doing is showing that you're not familiar with modern servers and quality operating systems that are designed to mitigate things like DDoS attacks.
"Modern" servers? IP is processed in the kernel on web servers, regardless of OS. Have you configured a kernel lately? Noticed there are ~3,000 lines in the Linux config file alone? _Lots_ of device drivers in there, which are interrupt driven and have to be timeshared. No servers I know do realtime processing (RT kernels don't) or process IP in ASICs. What configurations of Linux / BSD / Solaris / etc does web / email / ntp / sip / iptables / ipfw / ... and doesn't have issues with kernel locking? Test it on your own servers by mounting a damaged DVD on the root directory, and dd'ing it to /dev/null. Notice how the ATA/SATA/SCSI driver impacts the latency of everything on the system. How would you replicate that on a firmware and ASIC drive appliance? Roger Marquis
Current thread:
- RE: D/DoS mitigation hardware/software needed., (continued)
- RE: D/DoS mitigation hardware/software needed. Stefan Fouant (Jan 11)
- Re: D/DoS mitigation hardware/software needed. Christopher Morrow (Jan 11)
- Re: D/DoS mitigation hardware/software needed. Hank Nussbacher (Jan 11)
- RE: D/DoS mitigation hardware/software needed. Stefan Fouant (Jan 11)
- Re: D/DoS mitigation hardware/software needed. jul (Jan 11)
- RE: D/DoS mitigation hardware/software needed. Stefan Fouant (Jan 11)
- Re: D/DoS mitigation hardware/software needed. Dobbins, Roland (Jan 09)
- RE: D/DoS mitigation hardware/software needed. George Bonser (Jan 09)
- Re: D/DoS mitigation hardware/software needed. Joe Greco (Jan 10)
- Re: D/DoS mitigation hardware/software needed. Roger Marquis (Jan 10)
- Re: D/DoS mitigation hardware/software needed. Joe Greco (Jan 10)
- Re: D/DoS mitigation hardware/software needed. Valdis . Kletnieks (Jan 10)
- Message not available
- Re: D/DoS mitigation hardware/software needed. Roger Marquis (Jan 10)
- Re: D/DoS mitigation hardware/software needed. Manolo Hernandez (Jan 10)
- Re: D/DoS mitigation hardware/software needed. Dobbins, Roland (Jan 10)
- Re: D/DoS mitigation hardware/software needed. Kevin Oberman (Jan 10)
- Re: D/DoS mitigation hardware/software needed. Dobbins, Roland (Jan 09)
- Re: D/DoS mitigation hardware/software needed. Christopher Morrow (Jan 09)
- Re: D/DoS mitigation hardware/software needed. Dobbins, Roland (Jan 09)