Re: FreeBSD, quagga (BGP) and 2950 VLANs

From: Daniel Po*** (daniel_at_lvdx.com)
Date: 09/26/05

  • Next message: Kurt Jaeger: "Filtering (was Re: FreeBSD, quagga (BGP) and 2950 VLANs)" 
    Date: Mon, 26 Sep 2005 22:50:05 +0100
To: freebsd-isp@freebsd.org

    Chuck Swiger wrote:

    > Daniel Po*** wrote:
    > [ ... ]
    >
    >> I'm also curious about whether FreeBSD supports polled rather than
    >> interrupt driven behaviour in the NIC driver - that means that the
    >> system won't keep on re-entering an interrupt handler concurrently
    >> while under load (when a DoS attack is in progress).
    >
    >
    > Indeed it does, see "man polling".
    > Make sure you increase HZ to at least 1000...
    >
    Good news - I got the quagga and vlan stuff working. Thanks for all
    those who gave tips on this issue. It was surprisingly easy to get all
    this going and I'm now receiving a full BGP table from an upstream provider.

    I'm now starting to look at how to filter packets that I am forwarding,
    to ensure that none of the people I connect to can use me as their
    default route (unless I give them permission to do so). The FreeBSD
    docs mention three different packet filters - pf, ipfw and ipf.

    Does any of these have specific benefits for a routing device that is
    forwarding 99.9% of it's traffic to other hosts, or is it just a
    question of personal preference? The rules I intend to write are fairly
    simple, and I don't need any state-based stuff.

    --------------------------------------
    Director
    London Voice and Data Exchange Limited
    http://www.lvdx.com
    --------------------------------------

  • Next message: Kurt Jaeger: "Filtering (was Re: FreeBSD, quagga (BGP) and 2950 VLANs)"