Sorry for the top post!!!
N.
+1 on the interrupt cpu assignment
N.
On 5/24/13, Nick Hilliard wrote:
> On 24/05/2013 20:21, Joe Greco wrote:
>> Luigi did the polling stuff more than a decade ago. Polling fixes some
>> issues and seems to cause others.
>
> interrupt mitigation helps more than polling these days. Make su
On 24/05/2013 20:21, Joe Greco wrote:
> Luigi did the polling stuff more than a decade ago. Polling fixes some
> issues and seems to cause others.
interrupt mitigation helps more than polling these days. Make sure you're
using modern hardware.
Nick
On 13-05-24 03:17 PM, Ryan Gard wrote:
> Do you have a source on this? Reason I ask is because any recent
> documentation I've come across indicates that polling is recommended to
> reduce chances of livelock on a running system.
This depends a *ton* of what NIC you are using. Polling IMO should n
> Do you have a source on this? Reason I ask is because any recent
> documentation I've come across indicates that polling is recommended to
> reduce chances of livelock on a running system.
What recent documentation have you come across?
Luigi did the polling stuff more than a decade ago. Polli
Do you have a source on this? Reason I ask is because any recent
documentation I've come across indicates that polling is recommended to
reduce chances of livelock on a running system.
On Mon, May 20, 2013 at 2:51 PM, Eduardo Schoedler wrote:
> 2013/5/19 Andrew Jones
>
> > As for migration to a
On Mon, 20 May 2013, Phil Fagan wrote:
Just curious and perhaps off topic a tad but; is the stateful filtering of
sessions on a router to replace a firewall? Or is there another reason to
do it? I could see a benefit of creating blacklists, however,
I'm struggling with what other benefits it wou
This is what we do too: Separate firewalling and routing. We use Vyatta for
both and it works. Bye,
David
-Oorspronkelijk bericht-
Van: Matt Palmer [mailto:mpal...@hezmatt.org]
Verzonden: zondag 19 mei 2013 23:32
Aan: nanog@nanog.org
Onderwerp: Re: High throughput bgp links using
On 5/20/13 2:45 PM, Matt Palmer wrote:
On Sun, May 19, 2013 at 04:42:23PM -0700, Seth Mattinen wrote:
On 5/19/13 4:27 PM, Ben wrote:
Do you actually need stateful filtering? A lot of people seem to think
that it's important, when really they're accomplishing little from it,
you can block ports
Just curious and perhaps off topic a tad but; is the stateful filtering of
sessions on a router to replace a firewall? Or is there another reason to
do it? I could see a benefit of creating blacklists, however,
I'm struggling with what other benefits it would provide...service
aware load-balancing?
On Sun, May 19, 2013 at 04:42:23PM -0700, Seth Mattinen wrote:
> On 5/19/13 4:27 PM, Ben wrote:
> > Do you actually need stateful filtering? A lot of people seem to think
> > that it's important, when really they're accomplishing little from it,
> > you can block ports etc without it.
>
> I belie
2013/5/19 Andrew Jones
> As for migration to another OS, I find FreeBSD better as a matter of
>> network performance. The last time I checked OpenBSD was either
>> lacking or was in the early stages of multiple cores support.
>>
>
> If you do decide to go the FreeBSD route (you can run openbgpd o
On Mon, 2013-05-20 at 10:35 +0200, Laurent GUERBY wrote:
> On Mon, 2013-05-20 at 11:23 +1200, Ben wrote:
> > With regards to security of OpenBSD versus Linux, you shouldn't be exposing
> > any
> > services to the world with either. And it's more stability/configuration
> > that would
> > push me
On Mon, 2013-05-20 at 11:23 +1200, Ben wrote:
> With regards to security of OpenBSD versus Linux, you shouldn't be exposing
> any
> services to the world with either. And it's more stability/configuration
> that would
> push me to OpenBSD rather than performance.
>
> And with regards to crashin
As for migration to another OS, I find FreeBSD better as a matter of
network performance. The last time I checked OpenBSD was either
lacking or was in the early stages of multiple cores support.
If you do decide to go the FreeBSD route (you can run openbgpd on
FreeBSD if you like), check out th
Minor nitpicking I know..
On 20. mai 2013 01:23, Ben wrote:
With Linux you have to disable reverse path filtering, screw around with
iptables
to do bypass on stateful filtering.
You dont have to "screw around" with iptables. The kernel wont load the
conntrack modules/code unless you actually
On Sun, May 19, 2013 at 11:34 AM, Nick Khamis wrote:
> Hey Bill, thanks for your reply Yeah option 1.. I think we
> will do whatever it takes to avoid that route. I don't have a good
> reason for it, it's just preference. Option 2 is exactly what
> we are looking at.
Hi Nick,
You might g
On Sun, 19 May 2013 16:42:23 -0700, Seth Mattinen said:
> On 5/19/13 4:27 PM, Ben wrote:
> > Do you actually need stateful filtering? A lot of people seem to think
> > that it's important, when really they're accomplishing little from it,
> > you can block ports etc without it.
>
>
> I believe PCI
On 5/19/13 4:27 PM, Ben wrote:
> Do you actually need stateful filtering? A lot of people seem to think
> that it's important, when really they're accomplishing little from it,
> you can block ports etc without it.
I believe PCI compliance requires it, other things like it probably do too.
~Set
On Sun, May 19, 2013 at 11:48:17AM -0400, Nick Khamis wrote:
> > But really you should get some newerish hardware with on-cpu PCIe and
> > memory controllers (and preferably QPI). That architectural jump really
> > upped the networking throughput of commodity hardware, probably by
> > orders of mag
On Sun, May 19, 2013 at 11:48:17AM -0400, Nick Khamis wrote:
> We do use a statefull iptables on our router, some forward rules...
> This is known to be on of our issues, not sure if having a separate
> iptables box would be the best and only solution for this?
Do you actually need stateful filte
On Sat, May 18, 2013 at 11:39:55AM -0400, Nick Khamis wrote:
> Hello Everyone,
>
> We are running:
>
> Gentoo Server on Dual Core Intel Xeon 3060, 2 Gb Ram
> Ethernet controller: Intel Corporation 82571EB Gigabit Ethernet
> Controller (rev 06)
> Ethernet controller: Intel Corporation 82573E Gigab
On Sun, May 19, 2013 at 11:48:17AM -0400, Nick Khamis wrote:
> We do use a statefull iptables on our router, some forward rules...
> This is known to be on of our issues, not sure if having a separate
> iptables box would be the best and only solution for this?
I don't know about "only", but it'd
(oops, I keep forgetting to send with my nanog identity..)
On 19. mai 2013 17:48, Nick Khamis wrote:
We do use a statefull iptables on our router, some forward rules...
This is known to be on of our issues, not sure if having a separate
iptables box would be the best and only solution for this?
Not noise!
On May 19, 2013 10:20 AM, "Nick Khamis" wrote:
> On 5/19/13, Zachary Giles wrote:
> > I had two Dell R3xx 1U servers with Quad Gige Cards in them and a few
> small
> > BGP connections for a few year. They were running CentOS 5 + Quagga with
> a
> > bunch of stuff turned off. Worked ex
On 5/19/13, Zachary Giles wrote:
> I had two Dell R3xx 1U servers with Quad Gige Cards in them and a few small
> BGP connections for a few year. They were running CentOS 5 + Quagga with a
> bunch of stuff turned off. Worked extremely well. We also had really small
> traffic back then.
>
> Server h
Hello Nick,
Your email is pretty generic, the likelihood of anyone being able to provide
any actual help or advice is pretty low. I suggest you check out Vyatta.org,
its an Open Source router solution that uses Quagga for its underlying BGP
management, and if you desire you can purpose a suppor
> This is some fairly ancient hardware, so what you can get out if it will
> be limited. Though gige should not be impossible.
>
Agreed!!!
> The usual tricks are to make sure netfilter is not loaded, especially
> the conntrack/nat based parts as that will inspect every flow for state
> informatio
> Hi Nick,
>
> You're done. You can buy more recent server hardware and get another
> small bump. You may be able to tweak interrupt rates from the NICs as
> well, trading latency for throughput. But basically you're done:
> you've hit the upper bound of what slow-path (not hardware assisted)
> net
I had two Dell R3xx 1U servers with Quad Gige Cards in them and a few small
BGP connections for a few year. They were running CentOS 5 + Quagga with a
bunch of stuff turned off. Worked extremely well. We also had really small
traffic back then.
Server hardware has become amazingly fast under-the-c
On 5/19/13, Nikola Kolev wrote:
> You might be maxing out your server's PCI bus throughput, so it might be a
> better idea if you can get Ethernet NICs that are sitting at least on PCIe
> x8 slots.
>
>
Nikola, thank you so much for your response! It kind of looks that
way, and we do have another
On 5/18/13, Michael McConnell wrote:
> Hello Nick,
>
> Your email is pretty generic, the likelihood of anyone being able to provide
> any actual help or advice is pretty low. I suggest you check out Vyatta.org,
> its an Open Source router solution that uses Quagga for its underlying BGP
> manageme
On 18. mai 2013 17:39, Nick Khamis wrote:
Hello Everyone,
We are running:
Gentoo Server on Dual Core Intel Xeon 3060, 2 Gb Ram
Ethernet controller: Intel Corporation 82571EB Gigabit Ethernet
Controller (rev 06)
Ethernet controller: Intel Corporation 82573E Gigabit Ethernet
Controller (rev 03)
On Sun, 19 May 2013, William Herrin wrote:
On Sat, May 18, 2013 at 11:39 AM, Nick Khamis wrote:
We are transmitting an average of 700Mbps with packet sizes upwards of
900-1000 bytes when the traffic graph begins to flatten. We also start
experiencing some crashes at that point, and not have be
On Sat, May 18, 2013 at 11:39 AM, Nick Khamis wrote:
> We are transmitting an average of 700Mbps with packet sizes upwards of
> 900-1000 bytes when the traffic graph begins to flatten. We also start
> experiencing some crashes at that point, and not have been able to
> pinpoint that either.
Hi Ni
Hello Nick,
On 18.05.2013, at 18:39, Nick Khamis wrote:
> Hello Everyone,
>
> We are running:
>
> Gentoo Server on Dual Core Intel Xeon 3060, 2 Gb Ram
> Ethernet controller: Intel Corporation 82571EB Gigabit Ethernet
> Controller (rev 06)
> Ethernet controller: Intel Corporation 82573E Gigabit
36 matches
Mail list logo
