Re: 5.x concerns
From: Robert Watson (rwatson_at_FreeBSD.org)
Date: Sun, 13 Feb 2005 20:49:16 +0000 (GMT) To: Scott Long <firstname.lastname@example.org>
On Sun, 6 Feb 2005, Scott Long wrote:
> > 3 - robustness, 5.3 seems to not handle ddos attacks so well, I
> > remember on a 4.x machine I could easily take a full 100mbit udp flood
> > and have the server respond albeit maybe with some lag but it stayed
> > functional, 5.x seems to crumble under a lot less pressure on the same
> > machine. This could be with pf been loaded on top of ipfw adding
> > extra overhead I dont know.
> This probably would add quite a bit of overhead. The ipfw package is
> not locked, so dealing with that adds even more overhead, unfortunately.
Actualy, just to set the record straight on this technically -- ipfw is
locked, albeit using a variation on the sx lock theme. ipfw will run
without Giant as long as the rest of the stack is running without Giant.
Robert N M Watson
email@example.com mailing list
To unsubscribe, send any mail to "firstname.lastname@example.org"