On 03/01/14 12:19, Gert Doering wrote:
Well, my "real world" numbers on FreeBSD+unbound+pf are: if I enable state tracking in pf, it will about double CPU usage.
Very interesting. This was under "normal" rather than "attack" load, yes?
The system in question did not have much CPU to spare, so this led to DNS queries sometimes being dropped, which resulted in poor user experience.
Ugh. I bet it was delightful to troubleshoot as well... _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
