dragonflybsd router

k simon chio1990 at gmail.com
Wed Aug 21 01:20:52 PDT 2013 

    Yes, I know route-to/reply-to can do similar work like policy routing, but it's manual configured, it can't fallback to a default route or another route automatically. 
    And does pflowd mpsafe? 

Best Regards,
Simon


在 2013-8-21,下午2:55, Robert Garrett 写道:

> with pf the lock right now is only on state tables.. it is actually
> cleaner of locks than on any other bsd, on dfly. 
> 
> ipv6 support is the most questionable thing I can point to you as a
> drawback, as what you would do with fips can be accomplished with pf.
> 
> RG
> On Wed, 2013-08-21 at 10:55 +0800, k simon wrote:
>> Hi, Sepherosa,
>>     Thanks for your reply.  I'm glad to know Multi FIB probably will
>> be supported in the next release cycle, did you have some plan about
>> support flow cache, npf or smp friendly pf, and
>> per-cpu statistics, netflow/ipfix etc. As a router box, we need
>> a platform with "integrated solution" . Maybe write a roadmap is a
>> good start.  I would like to test dfly BSD with real traffic when the
>> next version released.
>> 
>> 
>> Best Regards,
>> Simon
>> 
>> 
>> 
>> 在 2013-8-20,下午6:43, Sepherosa Ziehau 写道:
>> 
>>> 
>>> 
>>> 
>>> On Tue, Aug 20, 2013 at 4:37 PM, k simon <chio1990 at gmail.com> wrote:
>>> 
>>>        Hi,list:
>>> 
>>> 
>>>            I have some linux router/NAT box, each can serve
>>>        500-600Kpps traffic. Last week, I observed the ddos attack,
>>>        it report ipt_netflow sendbuffer overlimit and cpu usage
>>>        high. So I took a look at BSD family. I've tested freebsd a
>>>        bit, it have trouble with polling and NIC‘s multi queues,
>>>        and it have high context switch.
>>>            I've searched some posts about dfly's ifpoll  and ifq
>>>        etc. I really appreciate it. but I can't determine dfly BSD
>>>        support multi RIB, ng_netflow,  smp friendly pf, flow  etc.
>>>        And the BIRD route suite can support policy routing and
>>>        worked fine on 
>>> 
>>> 
>>> Multiple routing table is not supported yet, it probably will be
>>> added in the next release cycle, if I or others could find enough
>>> time.  Netgraph is under BGL, which means it is bad for performance.
>>> ipfw is lockless MPSAFE, pf is still under one token (which also
>>> causes performance issue).  Basic BIRD functionality should just
>>> work (no policy routing, since it requires multiple routing table
>>> support).
>>> 
>>> 
>>> 
>>> Best Regards,
>>> sephe
>>> 
>> 
> 
>

More information about the Users mailing list