Re: bandwidth for bkbits.net (good news)
From: P
Date: Fri Sep 05 2003 - 11:26:51 EST
Henning Schmiedehausen wrote:
On Fri, 2003-09-05 at 10:10, Florian Weimer wrote:
You need a shaper connected to the ISP backbone which shapes the
outgoing traffic for you and a border router which talks to the T1
(C17xx or C26xx). Normally, if your ISP has some sort of clue, you
will also need a bastion router which can handle backbone <-> 100 MBit
traffic and does dynamic routing updates (EGP or OSPF) to the ISP
backbone (A C26xx or C37xx).
C37xx can handle a maximum load of 225 kpps (data sheet number,
i.e. this value cannot be exceeded even under most favorable
conditions), the others handle even less. Such routers are of no help
during a DoS attack.
Yes, I snipped the DoS context, and your approach would work in a
benign environment. 8-)
225kpps * 64 Bytes (minimum packet len) = 13,7 MBytes / sec
100 MBit / 8 bit = 12,5 MBytes / sec
So, IMHO even with a small packet saturated 100 MBit link you won't
reach 225kpps. AFAIK this was Ciscos intention to publish this number.
It basically says "you will have filled your link before you fill our
router".
100Mb/s LAN @ 64 byte packets is 148500 pps half duplex
from my testing => 257Kpps full duplex.
Here's some interesting results I've got from the latest
intel e100 3.0.0_dev13 driver, showing how the receive
rate degrades at higher packet rates.
------------------------
send Kpps recv Kpps
------------------------
126 126
126.5 118.4
128 115.7
130 102.7
135 99.1
140 90.6
148 88.2
------------------------
It's not a CPU issue as it can receive at
the same rate on another interface.
renicing ksoftirqd has no effect.
system is PIII 1.2GHz, i815, 2.4.20
NAPI is turned on in the driver.
Pádraig.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/