| To: | pekkas@xxxxxxxxxx |
|---|---|
| Subject: | Re: [PATCH + RFC] neighbour/ARP cache scalability |
| From: | YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@xxxxxxxxxxxxxx> |
| Date: | Wed, 22 Sep 2004 01:04:28 +0900 (JST) |
| Cc: | laforge@xxxxxxxxxxxx, netdev@xxxxxxxxxxx, yoshfuji@xxxxxxxxxxxxxx |
| In-reply-to: | <Pine.LNX.4.44.0409211856260.9906-100000@netcore.fi> |
| Organization: | USAGI Project |
| References: | <20040922.001448.73843048.yoshfuji@linux-ipv6.org> <Pine.LNX.4.44.0409211856260.9906-100000@netcore.fi> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
In article <Pine.LNX.4.44.0409211856260.9906-100000@xxxxxxxxxx> (at Tue, 21 Sep
2004 18:58:05 +0300 (EEST)), Pekka Savola <pekkas@xxxxxxxxxx> says:
> This still doesn't take a stance on rate-limiting the ND/ARP packets,
> in case that there still is enough memory, but some kind of attack is
> clearly underway. Should it still be done? Consider 100Kpps of
> router-generated ARP/ND probes -- not good!
Right. We need to do this, of course. Probably, per-ingress interface.
(I mean, incoming interface which invokes NS.)
Note: I think similar idea (limiting per interface) was arose during chat
with Robert, Halard et. al at OLS.
--
Hideaki YOSHIFUJI @ USAGI Project <yoshfuji@xxxxxxxxxxxxxx>
GPG FP: 9022 65EB 1ECF 3AD1 0BDF 80D8 4807 F894 E062 0EEA
|
| Previous by Date: | Re: bad TSO performance in 2.6.9-rc2-BK, Anton Blanchard |
|---|---|
| Next by Date: | Re: [PATCH + RFC] neighbour/ARP cache scalability, Tim Gardner |
| Previous by Thread: | Re: [PATCH + RFC] neighbour/ARP cache scalability, Pekka Savola |
| Next by Thread: | Re: [PATCH + RFC] neighbour/ARP cache scalability, Tim Gardner |
| Indexes: | [Date] [Thread] [Top] [All Lists] |