Re: is polling still a thing?

2015-01-27 Thread Antoine Beaupré
On 2015-01-27 18:32:40, Luigi Rizzo wrote: > A netmap-aware NIC has no problem dealing with high PPS rates, > deliver them through the fat pipe HHH to netmap-ipfw in userspace, > which does the filtering and drops the junk. The remaining part > is reinjected through another netmap port into the h

Re: is polling still a thing?

2015-01-27 Thread Jim Thompson
> On Jan 27, 2015, at 4:08 PM, Antoine Beaupré wrote: > > On 2015-01-27 13:57:20, wishmaster wrote: >> Have you consider to use netmap-based ipfw instead pf in DDoS mitigation? I >> think you should. And without any network ''haks'' like polling. > > My understanding of netmap was that it wasn

Re: is polling still a thing?

2015-01-27 Thread Luigi Rizzo
On Tue, Jan 27, 2015 at 06:02:46PM -0500, Antoine Beaupr? wrote: > On 2015-01-27 17:39:17, Luigi Rizzo wrote: > > On Tue, Jan 27, 2015 at 05:08:27PM -0500, Antoine Beaupr? wrote: > >> On 2015-01-27 13:57:20, wishmaster wrote: > >> > Have you consider to use netmap-based ipfw instead pf in DDoS > >

Re: is polling still a thing?

2015-01-27 Thread Antoine Beaupré
On 2015-01-27 17:39:17, Luigi Rizzo wrote: > On Tue, Jan 27, 2015 at 05:08:27PM -0500, Antoine Beaupr? wrote: >> On 2015-01-27 13:57:20, wishmaster wrote: >> > Have you consider to use netmap-based ipfw instead pf in DDoS mitigation? >> > I think you should. And without any network ''haks'' like p

Re: is polling still a thing?

2015-01-27 Thread Jim Thompson
> On Jan 27, 2015, at 2:28 PM, Olivier Cochard-Labbé wrote: > > On Tue, Jan 27, 2015 at 9:15 PM, Michael Sierchio > wrote: > > > On small, embedded computers running ipfw w/kernel nat and device polling > enabled (on em ether adapters), I observed the *reported* sy

Re: is polling still a thing?

2015-01-27 Thread Luigi Rizzo
On Tue, Jan 27, 2015 at 05:08:27PM -0500, Antoine Beaupr? wrote: > On 2015-01-27 13:57:20, wishmaster wrote: > > Have you consider to use netmap-based ipfw instead pf in DDoS mitigation? I > > think you should. And without any network ''haks'' like polling. > > My understanding of netmap was that

Re: is polling still a thing?

2015-01-27 Thread Antoine Beaupré
On 2015-01-27 13:57:20, wishmaster wrote: > Have you consider to use netmap-based ipfw instead pf in DDoS mitigation? I > think you should. And without any network ''haks'' like polling. My understanding of netmap was that it wasn't useful for packet forwarding, because its design is for transmit

Re: is polling still a thing?

2015-01-27 Thread Olivier Cochard-Labbé
On Tue, Jan 27, 2015 at 9:15 PM, Michael Sierchio wrote: > > > On small, embedded computers running ipfw w/kernel nat and device polling > enabled (on em ether adapters), I observed the *reported* system load grow > very high. When disabling polling on the interfaces, it went back to > something

Re: is polling still a thing?

2015-01-27 Thread Michael Sierchio
On small, embedded computers running ipfw w/kernel nat and device polling enabled (on em ether adapters), I observed the *reported* system load grow very high. When disabling polling on the interfaces, it went back to something normal. My impression is that the consensus among the core developers

Re: is polling still a thing?

2015-01-27 Thread Olivier Cochard-Labbé
On Tue, Jan 27, 2015 at 7:19 PM, Antoine Beaupré wrote: > On 2015-01-27 13:03:19, Jim Thompson wrote: > > > > > Have you considered FreeBSD 10.1? > > Not yet. What should i expect from the upgrade? We just barely made it > to 9.3 at this point... > Here is an old bench comparing pf improvement s

Re: is polling still a thing?

2015-01-27 Thread wishmaster
Have you consider to use netmap-based ipfw instead pf in DDoS mitigation? I think you should. And without any network ''haks'' like polling. Cheers, Vitaly --- Original Message --- From: "Antoine Beaupré" Date: 27 January 2015, 19:28:55 > (Please CC, as i am not on the list.) > > I wa

Re: is polling still a thing?

2015-01-27 Thread Antoine Beaupré
On 2015-01-27 13:03:19, Jim Thompson wrote: >> On Jan 27, 2015, at 11:28 AM, Antoine Beaupré wrote: >> >> (Please CC, as i am not on the list.) >> >> I was surprised to read this article in the pfSense blog: >> >> https://blog.pfsense.org/?p=115 > > That articl

Re: is polling still a thing?

2015-01-27 Thread Jim Thompson
> On Jan 27, 2015, at 11:28 AM, Antoine Beaupré wrote: > > (Please CC, as i am not on the list.) > > I was surprised to read this article in the pfSense blog: > > https://blog.pfsense.org/?p=115 That article is from June 2007. It’s over seven years old. T

is polling still a thing?

2015-01-27 Thread Antoine Beaupré
(Please CC, as i am not on the list.) I was surprised to read this article in the pfSense blog: https://blog.pfsense.org/?p=115 TLDR: "At this time, polling is not recommended at all." Is that true? I am trying to tweak a Supermicro machine as a router to survive major DDOS attacks on a 1gbps l