From owner-freebsd-net@FreeBSD.ORG Wed Jun 27 16:46:56 2007 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 5684116A46B for ; Wed, 27 Jun 2007 16:46:56 +0000 (UTC) (envelope-from julian@elischer.org) Received: from outW.internet-mail-service.net (outW.internet-mail-service.net [216.240.47.246]) by mx1.freebsd.org (Postfix) with ESMTP id 434CE13C483 for ; Wed, 27 Jun 2007 16:46:56 +0000 (UTC) (envelope-from julian@elischer.org) Received: from mx0.idiom.com (HELO idiom.com) (216.240.32.160) by out.internet-mail-service.net (qpsmtpd/0.32) with ESMTP; Wed, 27 Jun 2007 09:46:54 -0700 Received: from julian-mac.elischer.org (home.elischer.org [216.240.48.38]) by idiom.com (Postfix) with ESMTP id 7C408125B59; Wed, 27 Jun 2007 09:45:30 -0700 (PDT) Message-ID: <46829431.8020500@elischer.org> Date: Wed, 27 Jun 2007 09:45:37 -0700 From: Julian Elischer User-Agent: Thunderbird 2.0.0.4 (Macintosh/20070604) MIME-Version: 1.0 To: Alexander Motin References: <468135BF.8010407@freebsd.org> <20070626214936.GC79335@zone3000.net> <4681A062.9040009@freebsd.org> <468245F8.1090709@unixservers.us> <46825347.1030206@freebsd.org> In-Reply-To: <46825347.1030206@freebsd.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org, Ovi , mpd-users@lists.sourceforge.net Subject: Re: Mpd-4.2 released. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Jun 2007 16:46:56 -0000 Alexander Motin wrote: > > Even if pppoe have some DoS weaknesses it also have some protection > mechanisms against it. It's a pity but ng_pppoe originally implements > protocol in a way which does not allow this protection to be effectively > used. ng_pppoe can always be rewritten :-) > > As I have told 4.2 release contains overload protection which should > also help against DoS attacks. I am not sure it will be able to handle > 100Mbit/s flood of PADI requests from broken switch, but should avoid > mpd freeze in such case. > >> When having many users, it is useful to have high availability, so it >> would be nice and useful to setup multiple pppoe servers . I've tried >> that, using a router, connected >> to 2 pppoe servers, and at every pppoe connection, a route was added to >> the router and when user disconnected, the route was deleted from >> router. This is still a buggy implementation, we had problems messing >> up routing table. > > Having several PPPoE servers in one segment is a normal solution > protocol. It is not so efficient now as it could be due to ng_pppoe > implementation problem I have told, but it still should increase > performance and stability. > > What is about routing problems, you just should find good dynamic > routing solution. I have successfully working network with hundred PPPoE > servers and many thousands of users with routing successfully managed by > quagga bgp. > >