Software router state of the art
- Subject: Software router state of the art
- From: fw at deneb.enyo.de (Florian Weimer)
- Date: Mon, 28 Jul 2008 22:42:08 +0200
- In-reply-to: <[email protected]> (Joe Greco's message of "Sat, 26 Jul 2008 08:07:49 -0500 (CDT)")
- References: <[email protected]>
* Joe Greco:
> I'm not sure where the claims about "{one, few} flow{s}" are coming from.
> Certainly the number of flows on a typical UNIX box acting as a router is
> not that relevant unless you specifically configure something like
> stateful firewalling, because the typical UNIX box simply doesn't have a
> *concept* of "flows." It deals with packets.

You are mistaken. Linux routing is flow-based. Ever wondered what
those "dst cache overflow" messages mean you see during a DoS attack?
It's the flow cache complaining that it can't expire records in an
organic manner.

I don't know much about FreeBSD. I think it got a route cache after
FreeBSD 4, too. That's the reason why the FreeBSD 4 IP stack is still
so popular.
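
Added example, not part of the original message and not kernel code: a simplified model of a flow-keyed route cache, showing why traffic with many distinct sources fills the cache faster than idle entries can expire while ordinary traffic does not. The class name, the size limit, the idle timeout, the eviction policy and the addresses are all assumptions made for illustration.

```python
from collections import OrderedDict

class FlowCache:
    """Toy per-flow route cache: one entry per (src, dst), idle timeout, hard size cap."""

    def __init__(self, max_entries, idle_timeout):
        self.max_entries = max_entries      # assumed limit, not a kernel default
        self.idle_timeout = idle_timeout    # seconds an unused entry survives
        self.entries = OrderedDict()        # key -> last-used time, oldest first
        self.hits = self.misses = self.overflows = 0

    def _expire(self, now):
        # "Organic" expiry: drop entries that have been idle past the timeout.
        while self.entries:
            key, last_used = next(iter(self.entries.items()))
            if now - last_used < self.idle_timeout:
                break
            self.entries.popitem(last=False)

    def lookup(self, src, dst, now):
        self._expire(now)
        key = (src, dst)
        if key in self.entries:
            self.hits += 1
            self.entries[key] = now
            self.entries.move_to_end(key)   # keep the dict ordered by last use
            return True
        self.misses += 1
        if len(self.entries) >= self.max_entries:
            # Expiry could not make room: the model's "cache overflow" event.
            self.overflows += 1
            self.entries.popitem(last=False)  # forced eviction (model assumption)
        self.entries[key] = now
        return False

def run(sources, pps=1000, max_entries=1024, idle_timeout=60.0):
    """Feed one packet per source id toward a constructed destination."""
    cache = FlowCache(max_entries, idle_timeout)
    for i, src in enumerate(sources):
        cache.lookup(src, "192.0.2.1", i / pps)
    return cache.hits, cache.misses, cache.overflows

# Constructed workloads: 10,000 packets from 50 sources, then from 10,000 sources.
few_flows = run(i % 50 for i in range(10_000))
many_flows = run(range(10_000))

if __name__ == "__main__":
    print("few flows  (hits, misses, overflows):", few_flows)
    print("many flows (hits, misses, overflows):", many_flows)
```

For defenders, the overflow counter in the model corresponds to the moment the log message quoted above would appear: a sustained miss rate with a full cache points to a high number of new flows rather than to raw packet volume.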