On Thu, Feb 11, 2010 at 04:12:03PM -0600, William Pitcock wrote:
> On Thu, 2010-02-11 at 13:05 -0500, Jack Carrozzo wrote:
> > Lots of people roll FreeBSD with Quagga/pf/ipfw for dual stack. See
> > the freebsd-isp list.
>
> FreeBSD's network stack chokes up in DDoS attacks due to interrupt
> flooding. We used to use FreeBSD for firewalling and basic routing, but
> when noticing that we had horizontal scalability (e.g. a Celeron 667mhz
> performed nearly as well as a dual dual-core Xeon system when DDoS
> attacks happened), we switched to Vyatta, and generally have not looked
> back.

Have you tried using FreeBSD's polling mode instead of interrupt mode? No experience with it myself, but it sounds cool: http://info.iet.unipi.it/~luigi/polling/