> On Jan 27, 2015, at 2:28 PM, Olivier Cochard-Labbé <oliv...@cochard.me> wrote: > > On Tue, Jan 27, 2015 at 9:15 PM, Michael Sierchio <ku...@tenebras.com > <mailto:ku...@tenebras.com>> wrote: > > > On small, embedded computers running ipfw w/kernel nat and device polling > enabled (on em ether adapters), I observed the *reported* system load grow > very high. When disabling polling on the interfaces, it went back to > something normal. > > My impression is that the consensus among the core developers concerned with > networking is that device polling is an ancient hack and is deprecated. In > the case of a DDoS attack, there may be many other things to try - at the > infrastructure level - traffic diversion techniques like BGP flowspec, use > anycast, etc. On the individual server level, use stateful rules with GRED > enabled, dropping most new tcp or udp traffic based on load. > > > > If I remember well, Luigi had a surprise regarding the advantage of using > polling inside a VM: > https://lists.freebsd.org/pipermail/freebsd-net/2013-May/035626.html > <https://lists.freebsd.org/pipermail/freebsd-net/2013-May/035626.html> > > But on real hardware, since the introduction of interrupt moderation on NIC, > polling is not more useful.
The DPDK guys disagree. _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
