> I know that specially programmed ASICs on dedicated hardware like Cisco,
> Juniper, etc. are going to always outperform a general purpose server
> running gnu/linux, *bsd... but I find the idea of trying to use
> proprietary, NSA-backdoored devices difficult to accept, especially when
> I don't have the budget for it.
>
> I've noticed that even with a relatively modern system (supermicro with
> a 4 core 1265LV2 CPU, with a 9MB cache, Intel E1G44HTBLK Server
> adapters, and 16gig of ram), you still tend to get a high percentage of
> time working on softirqs on all the CPUs when pps reaches somewhere
> around 60-70k, and the traffic approaching 600-900mbit/sec (during a
> DDoS, such hardware cannot typically cope).
>
> It seems like finding hardware more optimized for very high packet per
> second counts would be a good thing to do. I just have no idea what is
> out there that could meet these goals. I'm unsure if faster CPUs, or
> more CPUs is really the problem, or networking cards, or just plain old
> fashioned tuning.
10-15 years ago, we were seeing early Pentium 4 boxes capable of moving 100Kpps+ on FreeBSD. See for example http://info.iet.unipi.it/~luigi/polling/

Luigi moved on to Netmap, which looks promising for this sort of thing. https://www.usenix.org/system/files/conference/atc12/atc12-final186.pdf

I was under the impression that some people have been using this for 10G routing.

Also I'll note that Ubiquiti has some remarkable low-power gear capable of 1Mpps+.

... JG

--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.
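The symptom in the quoted message, softirq time climbing with packet rate, is easier to reason about with numbers in hand. As an added example (not code from the thread or from either poster), this script samples /proc/net/dev and /proc/softirqs on a Linux box and reports packets per second per interface next to NET_RX softirqs per second per CPU; the sample snapshots embedded in it are constructed for offline use.

```python
# Added example: correlate per-interface pps with per-CPU NET_RX softirq rate
# by sampling /proc/net/dev and /proc/softirqs twice. Not from the thread.
import time

def parse_net_dev(text):
    """Return {iface: (rx_packets, tx_packets)} from /proc/net/dev text."""
    stats = {}
    for line in text.splitlines()[2:]:            # first two lines are headers
        if ":" not in line:
            continue
        name, rest = line.split(":", 1)
        f = rest.split()                          # 8 rx fields, then tx fields
        stats[name.strip()] = (int(f[1]), int(f[9]))   # rx packets, tx packets
    return stats

def parse_softirqs(text, kind="NET_RX"):
    """Return the per-CPU counter list for one softirq type from /proc/softirqs."""
    for line in text.splitlines():
        parts = line.split()
        if parts and parts[0] == kind + ":":
            return [int(x) for x in parts[1:]]
    return []

def rates(before, after, seconds):
    """Per-interface (rx_pps, tx_pps) and per-CPU NET_RX/s between two snapshots."""
    (dev0, sirq0), (dev1, sirq1) = before, after
    pps = {i: ((dev1[i][0] - dev0[i][0]) / seconds, (dev1[i][1] - dev0[i][1]) / seconds)
           for i in dev1 if i in dev0}
    return pps, [(b - a) / seconds for a, b in zip(sirq0, sirq1)]

def snapshot():
    """Read both kernel files once (Linux only)."""
    with open("/proc/net/dev") as d, open("/proc/softirqs") as s:
        return parse_net_dev(d.read()), parse_softirqs(s.read())

# Constructed sample snapshots, 5 s apart, in the kernel's file formats.
SAMPLE_DEV_0 = ("Inter-|   Receive | Transmit\n face |bytes packets errs drop fifo frame "
                "compressed multicast|bytes packets errs drop fifo colls carrier compressed\n"
                "  eth0: 100 1000 0 0 0 0 0 0 200 500 0 0 0 0 0 0\n")
SAMPLE_DEV_1 = SAMPLE_DEV_0.replace("100 1000", "9100 326000").replace("200 500", "9200 160500")
SAMPLE_SIRQ_0 = "        CPU0  CPU1\n   NET_TX:  10  20\n   NET_RX:  1000  2000\n"
SAMPLE_SIRQ_1 = SAMPLE_SIRQ_0.replace("1000  2000", "151000  162000")

if __name__ == "__main__":
    s0 = snapshot(); time.sleep(5); s1 = snapshot()
    pps, sirq = rates(s0, s1, 5)
    for iface, (rx, tx) in sorted(pps.items()):
        print(f"{iface:8s} rx {rx:9.0f} pps  tx {tx:9.0f} pps")
    print("NET_RX/s per CPU:", " ".join(f"{x:.0f}" for x in sirq))
```

If one CPU's NET_RX rate dominates while the others sit idle, the receive queues are not being spread, which is a tuning problem rather than a raw CPU-count problem.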