On Tue, Jan 27, 2015 at 9:15 PM, Michael Sierchio <ku...@tenebras.com> wrote:
> On small, embedded computers running ipfw w/kernel nat and device polling
> enabled (on em ether adapters), I observed the *reported* system load grow
> very high. When disabling polling on the interfaces, it went back to
> something normal.
>
> My impression is that the consensus among the core developers concerned
> with networking is that device polling is an ancient hack and is
> deprecated. In the case of a DDoS attack, there may be many other things to
> try - at the infrastructure level - traffic diversion techniques like BGP
> flowspec, use anycast, etc. On the individual server level, use stateful
> rules with GRED enabled, dropping most new tcp or udp traffic based on load.

If I remember well, Luigi had a surprise regarding the advantage of using
polling inside a VM:
https://lists.freebsd.org/pipermail/freebsd-net/2013-May/035626.html

But on real hardware, since the introduction of interrupt moderation on NIC,
polling is not more useful.
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"