11 Feb
2010
11 Feb
'10
6:20 p.m.
On Thu, Feb 11, 2010 at 04:12:03PM -0600, William Pitcock wrote:
On Thu, 2010-02-11 at 13:05 -0500, Jack Carrozzo wrote:
Lots of people roll FreeBSD with Quagga/pf/ipfw for dual stack. See the freebsd-isp list.
FreeBSD's network stack chokes up in DDoS attacks due to interrupt flooding. We used to use FreeBSD for firewalling and basic routing, but when noticing that we had horizontal scalability (e.g. a Celeron 667mhz performed nearly as well as a dual dual-core Xeon system when DDoS attacks happened), we switched to Vyatta, and generally have not looked back.
Have you tried using FreeBSD's polling mode instead of interrupt mode? No experience with it myself, but it sounds cool: http://info.iet.unipi.it/~luigi/polling/