From owner-freebsd-hackers Fri Sep 13 06:53:10 1996 Return-Path: owner-hackers Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id GAA20481 for hackers-outgoing; Fri, 13 Sep 1996 06:53:10 -0700 (PDT) Received: from mx.serv.net (mx.serv.net [199.201.191.10]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id GAA20476 for ; Fri, 13 Sep 1996 06:53:07 -0700 (PDT) Received: from MindBender.serv.net by mx.serv.net (8.7.5/SERV Revision: 2.30 † id GAA14332; Fri, 13 Sep 1996 06:53:02 -0700 (PDT) Received: from localhost.HeadCandy.com (michaelv@localhost.HeadCandy.com [127.0.0.1]) by MindBender.serv.net (8.7.5/8.7.3) with SMTP id GAA02501; Fri, 13 Sep 1996 06:52:35 -0700 (PDT) Message-Id: <199609131352.GAA02501@MindBender.serv.net> X-Authentication-Warning: MindBender.serv.net: Host michaelv@localhost.HeadCandy.com [127.0.0.1] didn't use HELO protocol To: Robert Hanson cc: Andrew Stesin , firewalls@greatcircle.com, freebsd-hackers@freebsd.org Subject: Re: SYN floods - possible solution? (fwd) In-reply-to: Your message of Fri, 13 Sep 96 04:39:14 -0700. Date: Fri, 13 Sep 1996 06:52:35 -0700 From: "Michael L. VanLoon -- HeadCandy.com" Sender: owner-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk >> > I've heard of 1,000 per sec which implies that >> > this box needs to hold open 30,000 to 75,000 potential sockets. Is there >> > any problem within IPv4 (seq #'s?) that would make this inherently >> > impossible? >> 200MHz P5, 2 PCI NICs, 256+ Mb RAM, >> fast SCSI disk subsystem, + intelligent OS with >> intelligent packet filter. That's a today's firewall >> of choice for many people, anyway. >> What do you people think? This should (might?) work... A P6 should give you much better through-put than a 200MHz P5 (and it still has room to grow). Not only that, but 200MHz P6s are cheaper than 200MHz P5s right now. I've also heard that a 200MHz P5 doesn't really run any faster than a 166MHz P5, because the bus is mostly saturated. >im thinking dec alpha with 64 bit OS... >is there 64 bit FreeBSD coming? Evidently Linus is working on >Linux/Alpha... That is an alternative. While Alphas are great, really fast CPUs, they also cost a lot more per MIPS than a decent Intel box. On the other hand, a really good Alpha (read expensive) can scale way beyond an Intel box, if you need the absolute fastest processing you can get. NetBSD/Alpha exists, and is mostly 64-bit from top to bottom. I don't believe Linux/Alpha is truly 64-bit. You might also consider going commercial, if you're going to buy such high-end hardware. Digital Unix (aka OSF/1) isn't as "sexy" as Net/FreeBSD, but it works, is stable, and actually will support multi-processor Alphas reliably. ----------------------------------------------------------------------------- Michael L. VanLoon michaelv@MindBender.serv.net --< Free your mind and your machine -- NetBSD free un*x >-- NetBSD working ports: 386+PC, Mac 68k, Amiga, Atari 68k, HP300, Sun3, Sun4/4c/4m, DEC MIPS, DEC Alpha, PC532, VAX, MVME68k, arm32... NetBSD ports in progress: PICA, others... -----------------------------------------------------------------------------