Re: Mpd-4.2 released.
- From: Alexander Motin <mav@xxxxxxxxxxx>
- Date: Wed, 27 Jun 2007 15:08:39 +0300
Ovi wrote:
> Also, as you know,
> PPPoE is vulnerable to ARP poisoning and to DoS. Having a small network
> with 10-20 computers using mpd is easy, but having 2000 users or more,
> things change, problems appear. Solving ARP poisoning or a DoS attack
> (sometimes caused by a burned switch port which mixes RX with TX), I
> think, can be done using a Layer2 managed switch, with ACLs. I will try
> and I'll inform you.

Even if PPPoE has some DoS weaknesses, it also has some protection
mechanisms against them. It's a pity, but ng_pppoe originally implements
the protocol in a way which does not allow this protection to be
effectively used.

As I have said, the 4.2 release contains overload protection which should
also help against DoS attacks. I am not sure it will be able to handle
a 100Mbit/s flood of PADI requests from a broken switch, but it should
avoid an mpd freeze in such a case.

> When having many users, it is useful to have high availability, so it
> would be nice and useful to set up multiple PPPoE servers. I've tried
> that, using a router connected
> to 2 PPPoE servers, and at every PPPoE connection a route was added to
> the router, and when the user disconnected, the route was deleted from
> the router. This is still a buggy implementation; we had problems messing
> up the routing table.

Having several PPPoE servers in one segment is a normal solution
protocol. It is not as efficient now as it could be due to the ng_pppoe
implementation problem I mentioned, but it should still increase
performance and stability.

As for the routing problems, you should just find a good dynamic
routing solution. I have successfully working network with hundred PPPoE
servers and many thousands of users, with routing successfully managed by
quagga bgp.

--
Alexander Motin
_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net