Date: Mon, 26 Sep 2005 22:50:05 +0100 From: Daniel Pocock <daniel@lvdx.com> To: freebsd-isp@freebsd.org Subject: Re: FreeBSD, quagga (BGP) and 2950 VLANs Message-ID: <43386D0D.7000209@lvdx.com> In-Reply-To: <432F4A12.9090709@mac.com> References: <432EC4FF.4030706@lvdx.com> <20050919205757.GI62233@complx.LF.net> <432F3013.7090001@keystreams.com> <20050919214618.GJ62233@complx.LF.net> <20050919215605.GK62233@complx.LF.net> <432F4507.4020708@lvdx.com> <432F4A12.9090709@mac.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a cryptographically signed message in MIME format. --------------ms000203000804020905090400 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Chuck Swiger wrote: > Daniel Pocock wrote: > [ ... ] > >> I'm also curious about whether FreeBSD supports polled rather than >> interrupt driven behaviour in the NIC driver - that means that the >> system won't keep on re-entering an interrupt handler concurrently >> while under load (when a DoS attack is in progress). > > > Indeed it does, see "man polling". > Make sure you increase HZ to at least 1000... > Good news - I got the quagga and vlan stuff working. Thanks for all those who gave tips on this issue. It was surprisingly easy to get all this going and I'm now receiving a full BGP table from an upstream provider. I'm now starting to look at how to filter packets that I am forwarding, to ensure that none of the people I connect to can use me as their default route (unless I give them permission to do so). The FreeBSD docs mention three different packet filters - pf, ipfw and ipf. Does any of these have specific benefits for a routing device that is forwarding 99.9% of it's traffic to other hosts, or is it just a question of personal preference? The rules I intend to write are fairly simple, and I don't need any state-based stuff. -------------------------------------- Director London Voice and Data Exchange Limited http://www.lvdx.com -------------------------------------- --------------ms000203000804020905090400 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIII4TCC AsswggI0oAMCAQICAw4bBzANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UE ChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNv bmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDUwMjIyMTcwMTQ2WhcNMDYwMjIyMTcwMTQ2 WjBBMR8wHQYDVQQDExZUaGF3dGUgRnJlZW1haWwgTWVtYmVyMR4wHAYJKoZIhvcNAQkBFg9k YW5pZWxAbHZkeC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzR3Orw/fI sDm1pnwnQMEwiETBQcKtjolpydPqx0vhhZltrsd1pFxksr2kgylwclf1Ru2Jl/IoyjctJhZn VzADqrXjSlyf6efn/VBigEwKraH64ijM10aaTq72wMfs5/6i3YgxSHfOGkz0Tw5u2rwmL7cl teyP/Bv3PZxIqcfvaRVIKM6GhBrBUE+4UfOA5ggrQy1UKLjflnDgW5+UcIuPPvq5nPecfzKs FbmuGyG7m+tNzN+QRBp9//gIOWEuth9dvKI8g1RJ23PS6mHmH/2+nGeyT8n9F0bGjndCVAyk PUHv6JcAaTCeJcezOsJ96+8F+d66xIn+M1pey1XTwjx9AgMBAAGjLDAqMBoGA1UdEQQTMBGB D2RhbmllbEBsdmR4LmNvbTAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBAUAA4GBABUeLsOY W/0NBblgBJoUjD0lvoQyAi5M5chYlww19zWE4bL7XONYqp897JTJFumcN3nFwPJygWAgXozZ Qqd2tnw5bKyOUcISoO8w4+Ipna2Xs7gf+dLCAsYBPY7RY9ID2y/IEA5gvn7HpDf3N4AwtkYr kcCeQmqcuT5xUt/YbjBkMIICyzCCAjSgAwIBAgIDDhsHMA0GCSqGSIb3DQEBBAUAMGIxCzAJ BgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYD VQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQTAeFw0wNTAyMjIxNzAx NDZaFw0wNjAyMjIxNzAxNDZaMEExHzAdBgNVBAMTFlRoYXd0ZSBGcmVlbWFpbCBNZW1iZXIx HjAcBgkqhkiG9w0BCQEWD2RhbmllbEBsdmR4LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBAPNHc6vD98iwObWmfCdAwTCIRMFBwq2OiWnJ0+rHS+GFmW2ux3WkXGSyvaSD KXByV/VG7YmX8ijKNy0mFmdXMAOqteNKXJ/p5+f9UGKATAqtofriKMzXRppOrvbAx+zn/qLd iDFId84aTPRPDm7avCYvtyW17I/8G/c9nEipx+9pFUgozoaEGsFQT7hR84DmCCtDLVQouN+W cOBbn5Rwi48++rmc95x/MqwVua4bIbub603M35BEGn3/+Ag5YS62H128ojyDVEnbc9LqYeYf /b6cZ7JPyf0XRsaOd0JUDKQ9Qe/olwBpMJ4lx7M6wn3r7wX53rrEif4zWl7LVdPCPH0CAwEA AaMsMCowGgYDVR0RBBMwEYEPZGFuaWVsQGx2ZHguY29tMAwGA1UdEwEB/wQCMAAwDQYJKoZI hvcNAQEEBQADgYEAFR4uw5hb/Q0FuWAEmhSMPSW+hDICLkzlyFiXDDX3NYThsvtc41iqnz3s lMkW6Zw3ecXA8nKBYCBejNlCp3a2fDlsrI5RwhKg7zDj4imdrZezuB/50sICxgE9jtFj0gPb L8gQDmC+fsekN/c3gDC2RiuRwJ5Capy5PnFS39huMGQwggM/MIICqKADAgECAgENMA0GCSqG SIb3DQEBBQUAMIHRMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYD VQQHEwlDYXBlIFRvd24xGjAYBgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5nMSgwJgYDVQQLEx9D ZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMSQwIgYDVQQDExtUaGF3dGUgUGVyc29u YWwgRnJlZW1haWwgQ0ExKzApBgkqhkiG9w0BCQEWHHBlcnNvbmFsLWZyZWVtYWlsQHRoYXd0 ZS5jb20wHhcNMDMwNzE3MDAwMDAwWhcNMTMwNzE2MjM1OTU5WjBiMQswCQYDVQQGEwJaQTEl MCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3Rl IFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ AoGBAMSmPFVzVftOucqZWh5owHUEcJ3f6f+jHuy9zfVb8hp2vX8MOmHyv1HOAdTlUAow1wJj WiyJFXCO3cnwK4Vaqj9xVsuvPAsH5/EfkTYkKhPPK9Xzgnc9A74r/rsYPge/QIACZNenpruf ZdHFKlSFD0gEf6e20TxhBEAeZBlyYLf7AgMBAAGjgZQwgZEwEgYDVR0TAQH/BAgwBgEB/wIB ADBDBgNVHR8EPDA6MDigNqA0hjJodHRwOi8vY3JsLnRoYXd0ZS5jb20vVGhhd3RlUGVyc29u YWxGcmVlbWFpbENBLmNybDALBgNVHQ8EBAMCAQYwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMT EVByaXZhdGVMYWJlbDItMTM4MA0GCSqGSIb3DQEBBQUAA4GBAEiM0VCD6gsuzA2jZqxnD3+v rL7CF6FDlpSdf0whuPg2H6otnzYvwPQcUCCTcDz9reFhYsPZOhl+hLGZGwDFGguCdJ4lUJRi x9sncVcljd2pnDmOjCBPZV+V2vf3h9bGCE6u9uo05RAaWzVNd+NWIXiC3CEZNd4ksdMdRv9d X2VPMYIDOzCCAzcCAQEwaTBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1 bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElz c3VpbmcgQ0ECAw4bBzAJBgUrDgMCGgUAoIIBpzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcB MBwGCSqGSIb3DQEJBTEPFw0wNTA5MjYyMTUwMDVaMCMGCSqGSIb3DQEJBDEWBBQ9xI8eShls jE7wxwxBMiEHtLACUzBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMC AgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDB4BgkrBgEEAYI3 EAQxazBpMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5 KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQID DhsHMHoGCyqGSIb3DQEJEAILMWugaTBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3Rl IENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVt YWlsIElzc3VpbmcgQ0ECAw4bBzANBgkqhkiG9w0BAQEFAASCAQCBka4V5JTa22ytnFcMzBB1 G7Yaif52JkQaK8kvo/6zispSBnRoCY2pD8DY0EOGbah5Cc0u7kpTu6okFH1z28CzM8q4a/Dj k8PbahFuAE7NqnLu6srhGnoUHan/wEUffKGPjPUnx0ULs2zDV8spv9GQUsWhVvLaqm32Q3Zc qJHzkUqVqh2VgMOu6HIczPVJIjp+Y1DoFdS2cNcBqTKKbYcExxS3SzaIfaFBu9Xn8nLUn4ER LJZdBOwoTBezCSE/n7gVryT8AxnrispgIR/GCsSl1ja2c1ibsmUNBZmp2aLEM6HxAOGXqbSC O7cRv7+LV59udBiwFbVIPUsiFeF7hcYOAAAAAAAA --------------ms000203000804020905090400--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43386D0D.7000209>