Date: Tue, 12 Aug 2014 23:16:50 -0700
Subject: Re: death of the Internet predicted. Film at 11.
From: Adrian Chadd
To: Craig Leres
Cc: "freebsd-hackers@freebsd.org"

On 12 August 2014 21:56, Craig Leres wrote:
> I was impacted by this this morning. I had ssh and imaps sessions from
> my comcast address at home to a vps at arpnetworks.com and they all died
> overnight. But it was a very strange failure. icmp and udp still worked
> but tcp couldn't make the round trip. And this was true for several
> different cidr's arpnetworks.com has. But everything worked fine from
> other locations like from lbl.
>
> TCAM is pretty bizarre; I believe access lists use them and one time Bro
> installed too many and overran the TCAM. This was not straightforward
> to recover from (e.g. just removing a bunch of ACLs did not unfrob the
> router).

TCAM isn't bizarre. All the weird, complicated ways it is managed and
programmed are what's bizarre.

Some platforms may just decide "nope, overflowed, bye". Some platforms
may decide that the best thing to do is CPU punt, but then you have to
sort what you put into TCAM so when you CPU punt you're not doing it
incorrectly.

With that comes .. bugs.

-a