Date: Tue, 27 Jan 2015 12:15:23 -0800
Subject: Re: is polling still a thing?
From: Michael Sierchio
To: Olivier Cochard-Labbé
Cc: "freebsd-net@freebsd.org", Jim Thompson, Antoine Beaupré

On small, embedded computers running ipfw w/kernel nat and device polling enabled (on em ether adapters), I observed the *reported* system load grow very high. When disabling polling on the interfaces, it went back to something normal.

My impression is that the consensus among the core developers concerned with networking is that device polling is an ancient hack and is deprecated.

In the case of a DDoS attack, there may be many other things to try - at the infrastructure level - traffic diversion techniques like BGP flowspec, use anycast, etc. On the individual server level, use stateful rules with GRED enabled, dropping most new tcp or udp traffic based on load. That's a topic of its own...

- M