Alexander Motin wrote:


Even if PPPoE has some DoS weaknesses, it also has some protection
mechanisms against them. It's a pity, but ng_pppoe originally implements
the protocol in a way which does not allow this protection to be effectively
used.

ng_pppoe can always be rewritten :-)


As I have said, the 4.2 release contains overload protection which should
also help against DoS attacks. I am not sure it will be able to handle
a 100Mbit/s flood of PADI requests from a broken switch, but it should avoid
an mpd freeze in such a case.

When having many users, it is useful to have high availability, so it
would be nice and useful to set up multiple PPPoE servers. I've tried
that, using a router connected to 2 PPPoE servers, and at every PPPoE
connection, a route was added to the router, and when the user
disconnected, the route was deleted from the router. This is still a
buggy implementation; we had problems messing up the routing table.

Having several PPPoE servers in one segment is a normal solution
protocol. It is not as efficient now as it could be, due to the ng_pppoe
implementation problem I have mentioned, but it should still increase
performance and stability.

As for the routing problems, you should just find a good dynamic
routing solution. I have a successfully working network with hundred PPPoE
servers and many thousands of users, with routing successfully managed by
quagga bgp.


_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net