Do you have a source on this? Reason I ask is because any recent
documentation I've come across indicates that polling is recommended to
reduce chances of livelock on a running system.
On Mon, May 20, 2013 at 2:51 PM, Eduardo Schoedler lis...@esds.com.brwrote:
2013/5/19 Andrew Jones
Do you have a source on this? Reason I ask is because any recent
documentation I've come across indicates that polling is recommended to
reduce chances of livelock on a running system.
What recent documentation have you come across?
Luigi did the polling stuff more than a decade ago. Polling
On 13-05-24 03:17 PM, Ryan Gard wrote:
Do you have a source on this? Reason I ask is because any recent
documentation I've come across indicates that polling is recommended to
reduce chances of livelock on a running system.
This depends a *ton* of what NIC you are using. Polling IMO should not
On 24/05/2013 20:21, Joe Greco wrote:
Luigi did the polling stuff more than a decade ago. Polling fixes some
issues and seems to cause others.
interrupt mitigation helps more than polling these days. Make sure you're
using modern hardware.
Nick
+1 on the interrupt cpu assignment
N.
On 5/24/13, Nick Hilliard n...@foobar.org wrote:
On 24/05/2013 20:21, Joe Greco wrote:
Luigi did the polling stuff more than a decade ago. Polling fixes some
issues and seems to cause others.
interrupt mitigation helps more than polling these days.
Sorry for the top post!!!
N.
This is what we do too: Separate firewalling and routing. We use Vyatta for
both and it works. Bye,
David
-Oorspronkelijk bericht-
Van: Matt Palmer [mailto:mpal...@hezmatt.org]
Verzonden: zondag 19 mei 2013 23:32
Aan: nanog@nanog.org
Onderwerp: Re: High throughput bgp links using
On Mon, 20 May 2013, Phil Fagan wrote:
Just curious and perhaps off topic a tad but; is the stateful filtering of
sessions on a router to replace a firewall? Or is there another reason to
do it? I could see a benefit of creating blacklists, however,
I'm struggling with what other benefits it
On Mon, 2013-05-20 at 11:23 +1200, Ben wrote:
With regards to security of OpenBSD versus Linux, you shouldn't be exposing
any
services to the world with either. And it's more stability/configuration
that would
push me to OpenBSD rather than performance.
And with regards to crashing I'd
On Mon, 2013-05-20 at 10:35 +0200, Laurent GUERBY wrote:
On Mon, 2013-05-20 at 11:23 +1200, Ben wrote:
With regards to security of OpenBSD versus Linux, you shouldn't be exposing
any
services to the world with either. And it's more stability/configuration
that would
push me to
2013/5/19 Andrew Jones a...@jonesy.com.au
As for migration to another OS, I find FreeBSD better as a matter of
network performance. The last time I checked OpenBSD was either
lacking or was in the early stages of multiple cores support.
If you do decide to go the FreeBSD route (you can run
On Sun, May 19, 2013 at 04:42:23PM -0700, Seth Mattinen wrote:
On 5/19/13 4:27 PM, Ben wrote:
Do you actually need stateful filtering? A lot of people seem to think
that it's important, when really they're accomplishing little from it,
you can block ports etc without it.
I believe PCI
Just curious and perhaps off topic a tad but; is the stateful filtering of
sessions on a router to replace a firewall? Or is there another reason to
do it? I could see a benefit of creating blacklists, however,
I'm struggling with what other benefits it would provide...service
aware
On 5/20/13 2:45 PM, Matt Palmer wrote:
On Sun, May 19, 2013 at 04:42:23PM -0700, Seth Mattinen wrote:
On 5/19/13 4:27 PM, Ben wrote:
Do you actually need stateful filtering? A lot of people seem to think
that it's important, when really they're accomplishing little from it,
you can block
Hello Nick,
On 18.05.2013, at 18:39, Nick Khamis sym...@gmail.com wrote:
Hello Everyone,
We are running:
Gentoo Server on Dual Core Intel Xeon 3060, 2 Gb Ram
Ethernet controller: Intel Corporation 82571EB Gigabit Ethernet
Controller (rev 06)
Ethernet controller: Intel Corporation
On Sat, May 18, 2013 at 11:39 AM, Nick Khamis sym...@gmail.com wrote:
We are transmitting an average of 700Mbps with packet sizes upwards of
900-1000 bytes when the traffic graph begins to flatten. We also start
experiencing some crashes at that point, and not have been able to
pinpoint that
On Sun, 19 May 2013, William Herrin wrote:
On Sat, May 18, 2013 at 11:39 AM, Nick Khamis sym...@gmail.com wrote:
We are transmitting an average of 700Mbps with packet sizes upwards of
900-1000 bytes when the traffic graph begins to flatten. We also start
experiencing some crashes at that
On 18. mai 2013 17:39, Nick Khamis wrote:
Hello Everyone,
We are running:
Gentoo Server on Dual Core Intel Xeon 3060, 2 Gb Ram
Ethernet controller: Intel Corporation 82571EB Gigabit Ethernet
Controller (rev 06)
Ethernet controller: Intel Corporation 82573E Gigabit Ethernet
Controller (rev 03)
On 5/18/13, Michael McConnell mich...@winkstreaming.com wrote:
Hello Nick,
Your email is pretty generic, the likelihood of anyone being able to provide
any actual help or advice is pretty low. I suggest you check out Vyatta.org,
its an Open Source router solution that uses Quagga for its
On 5/19/13, Nikola Kolev ni...@mnet.bg wrote:
You might be maxing out your server's PCI bus throughput, so it might be a
better idea if you can get Ethernet NICs that are sitting at least on PCIe
x8 slots.
Nikola, thank you so much for your response! It kind of looks that
way, and we do have
I had two Dell R3xx 1U servers with Quad Gige Cards in them and a few small
BGP connections for a few year. They were running CentOS 5 + Quagga with a
bunch of stuff turned off. Worked extremely well. We also had really small
traffic back then.
Server hardware has become amazingly fast
Hi Nick,
You're done. You can buy more recent server hardware and get another
small bump. You may be able to tweak interrupt rates from the NICs as
well, trading latency for throughput. But basically you're done:
you've hit the upper bound of what slow-path (not hardware assisted)
This is some fairly ancient hardware, so what you can get out if it will
be limited. Though gige should not be impossible.
Agreed!!!
The usual tricks are to make sure netfilter is not loaded, especially
the conntrack/nat based parts as that will inspect every flow for state
information.
Hello Nick,
Your email is pretty generic, the likelihood of anyone being able to provide
any actual help or advice is pretty low. I suggest you check out Vyatta.org,
its an Open Source router solution that uses Quagga for its underlying BGP
management, and if you desire you can purpose a
On 5/19/13, Zachary Giles zgi...@gmail.com wrote:
I had two Dell R3xx 1U servers with Quad Gige Cards in them and a few small
BGP connections for a few year. They were running CentOS 5 + Quagga with a
bunch of stuff turned off. Worked extremely well. We also had really small
traffic back then.
Not noise!
On May 19, 2013 10:20 AM, Nick Khamis sym...@gmail.com wrote:
On 5/19/13, Zachary Giles zgi...@gmail.com wrote:
I had two Dell R3xx 1U servers with Quad Gige Cards in them and a few
small
BGP connections for a few year. They were running CentOS 5 + Quagga with
a
bunch of stuff
(oops, I keep forgetting to send with my nanog identity..)
On 19. mai 2013 17:48, Nick Khamis wrote:
We do use a statefull iptables on our router, some forward rules...
This is known to be on of our issues, not sure if having a separate
iptables box would be the best and only solution for this?
On Sun, May 19, 2013 at 11:48:17AM -0400, Nick Khamis wrote:
We do use a statefull iptables on our router, some forward rules...
This is known to be on of our issues, not sure if having a separate
iptables box would be the best and only solution for this?
I don't know about only, but it'd have
On Sat, May 18, 2013 at 11:39:55AM -0400, Nick Khamis wrote:
Hello Everyone,
We are running:
Gentoo Server on Dual Core Intel Xeon 3060, 2 Gb Ram
Ethernet controller: Intel Corporation 82571EB Gigabit Ethernet
Controller (rev 06)
Ethernet controller: Intel Corporation 82573E Gigabit
On Sun, May 19, 2013 at 11:48:17AM -0400, Nick Khamis wrote:
We do use a statefull iptables on our router, some forward rules...
This is known to be on of our issues, not sure if having a separate
iptables box would be the best and only solution for this?
Do you actually need stateful
On Sun, May 19, 2013 at 11:48:17AM -0400, Nick Khamis wrote:
But really you should get some newerish hardware with on-cpu PCIe and
memory controllers (and preferably QPI). That architectural jump really
upped the networking throughput of commodity hardware, probably by
orders of magnitude
On 5/19/13 4:27 PM, Ben wrote:
Do you actually need stateful filtering? A lot of people seem to think
that it's important, when really they're accomplishing little from it,
you can block ports etc without it.
I believe PCI compliance requires it, other things like it probably do too.
~Seth
On Sun, 19 May 2013 16:42:23 -0700, Seth Mattinen said:
On 5/19/13 4:27 PM, Ben wrote:
Do you actually need stateful filtering? A lot of people seem to think
that it's important, when really they're accomplishing little from it,
you can block ports etc without it.
I believe PCI
On Sun, May 19, 2013 at 11:34 AM, Nick Khamis sym...@gmail.com wrote:
Hey Bill, thanks for your reply Yeah option 1.. I think we
will do whatever it takes to avoid that route. I don't have a good
reason for it, it's just preference. Option 2 is exactly what
we are looking at.
Hi Nick,
Minor nitpicking I know..
On 20. mai 2013 01:23, Ben wrote:
With Linux you have to disable reverse path filtering, screw around with
iptables
to do bypass on stateful filtering.
You dont have to screw around with iptables. The kernel wont load the
conntrack modules/code unless you actually
As for migration to another OS, I find FreeBSD better as a matter of
network performance. The last time I checked OpenBSD was either
lacking or was in the early stages of multiple cores support.
If you do decide to go the FreeBSD route (you can run openbgpd on
FreeBSD if you like), check out
Hello Everyone,
We are running:
Gentoo Server on Dual Core Intel Xeon 3060, 2 Gb Ram
Ethernet controller: Intel Corporation 82571EB Gigabit Ethernet
Controller (rev 06)
Ethernet controller: Intel Corporation 82573E Gigabit Ethernet
Controller (rev 03)
2 bgp links from different providers using
37 matches
Mail list logo