> Date: Thu, 11 Feb 2010 18:20:13 -0500
> From: Chuck Anderson <cra@WPI.EDU>
>
> On Thu, Feb 11, 2010 at 04:12:03PM -0600, William Pitcock wrote:
> > On Thu, 2010-02-11 at 13:05 -0500, Jack Carrozzo wrote:
> > > Lots of people roll FreeBSD with Quagga/pf/ipfw for dual stack. See the freebsd-isp list.
> >
> > FreeBSD's network stack chokes up in DDoS attacks due to interrupt flooding. We used to use FreeBSD for firewalling and basic routing, but when noticing that we had horizontal scalability (e.g. a Celeron 667MHz performed nearly as well as a dual dual-core Xeon system when DDoS attacks happened), we switched to Vyatta, and generally have not looked back.
>
> Have you tried using FreeBSD's polling mode instead of interrupt mode?
> No experience with it myself, but it sounds cool:

Polling is excellent for low speed lines, but for Gig and faster, most newer interfaces support interrupt coalescing. This easily resolves the issue in hardware as interrupts are only issued when needed but limited to a reasonable rate. Polling does not use interrupts, but consumes system resources regardless of traffic. FreeBSD has supported polling for a long time (V6?) and interrupt coalescing since some release of V7. (Latest release is V8.)

-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net
Phone: +1 510 486-8634
Key fingerprint: 059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751