[quagga-users 14933] Re: Disable BGP general scanning, BGP SCAN-TIMER
2018-02-15 22:21, Alexis Rosen написав: On Feb 15, 2018, at 8:29 AM, b...@it-mark.net wrote: But once every minute for about 3-10 seconds there is a "BGP general scanning", which is arbitrarily executed on any of the processor cores and loads it 100% within a specified time. 2018/02/14 18:40:41 BGP: Performing BGP general scanning 2018/02/14 18:40:42 BGP: scanning IPv4 Unicast routing tables Question: 1) Can I turn off (disable) "BGP general scanning" (command 'bgp scan-time <5-60>') ? Is this a good idea in my case ? That seems unlikely to be a good idea. Thank you Alex. But can this idea be realized at all? Just by default, bgp-scan occurs every minute and it can only be changed by specifying the interval from 5 - 60 seconds. And it seems that it's impossible to turn off this feature at all? 2) Can I perform "BGP general scanning" on a specific processor core, not chaotic ? IIRC, bgpd is entirely single-threaded. It should be trivial to bind it to a single core using taskset on Linux (or the equivalent, on another OS). You can do this while it's running, or you can start it that way - modify the rc file that starts quagga & bgpd (or whatever you're using to get it started on boot). /a ___ Quagga-users mailing list Quagga-users@lists.quagga.net https://lists.quagga.net/mailman/listinfo/quagga-users ___ Quagga-users mailing list Quagga-users@lists.quagga.net https://lists.quagga.net/mailman/listinfo/quagga-users
[quagga-users 14932] Re: Quagga 1.2.3 release: BGP security fixes
On Thu, 15 Feb 2018, Paul Jakma wrote: This release contains a number of fixes, including potentially important BGP security fixes. Note, with these fixes + some modifications to return early before getting into BGP RIB code, the bgpd BGP protocol parsers have so far survived about a month of fuzz testing (guided, direct call based via afl-fuzz, not network). regards, -- Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A Fortune: When all else fails, try Kate Smith. ___ Quagga-users mailing list Quagga-users@lists.quagga.net https://lists.quagga.net/mailman/listinfo/quagga-users
[quagga-users 14931] Re: Quagga 1.2.3 release: BGP security fixes
On Thu, 15 Feb 2018, Paul Jakma wrote: Advisories for the security fixes will appear at: * https://www.quagga.net/security/Quagga-2018-0543.txt * https://www.quagga.net/security/Quagga-2018-1114.txt * https://www.quagga.net/security/Quagga-2018-1550.txt * https://www.quagga.net/security/Quagga-2018-1975.txt Will appear once the reverse-proxying behaves. In the meantime, those are in git: https://git.savannah.gnu.org/cgit/quagga.git/tree/doc/security https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/ regards, -- Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A Fortune: In practice, failures in system development, like unemployment in Russia, happens a lot despite official propaganda to the contrary. -- Paul Licker ___ Quagga-users mailing list Quagga-users@lists.quagga.net https://lists.quagga.net/mailman/listinfo/quagga-users
[quagga-users 14928] Disable BGP general scanning, BGP SCAN-TIMER
Hi all I have such a question. quagga-0.99.23.1, 4 bgp-peers, no IGP, only static, 4 core processor, all NIC's interrupts are evenly distributed between processor cores - all loads are defined and distributed between processor cores :) State/PfxRcd 137326 682774 85433 686579 But once every minute for about 3-10 seconds there is a "BGP general scanning", which is arbitrarily executed on any of the processor cores and loads it 100% within a specified time. 2018/02/14 18:40:41 BGP: Performing BGP general scanning 2018/02/14 18:40:42 BGP: scanning IPv4 Unicast routing tables Question: 1) Can I turn off (disable) "BGP general scanning" (command 'bgp scan-time <5-60>') ? Is this a good idea in my case ? 2) Can I perform "BGP general scanning" on a specific processor core, not chaotic ? ___ Quagga-users mailing list Quagga-users@lists.quagga.net https://lists.quagga.net/mailman/listinfo/quagga-users