julian at elischer.org
Wed Jun 27 16:46:56 UTC 2007
Alexander Motin wrote:
> Even if pppoe has some DoS weaknesses, it also has some protection
> mechanisms against them. It's a pity, but ng_pppoe originally implements
> the protocol in a way which does not allow this protection to be effectively
ng_pppoe can always be rewritten :-)
> As I have said, the 4.2 release contains overload protection which should
> also help against DoS attacks. I am not sure it will be able to handle a
> 100Mbit/s flood of PADI requests from a broken switch, but it should avoid
> an mpd freeze in such a case.
>> When having many users, it is useful to have high availability, so it
>> would be nice and useful to set up multiple pppoe servers. I've tried
>> that, using a router connected to 2 pppoe servers, and at every pppoe
>> connection, a route was added to the router, and when the user
>> disconnected, the route was deleted from the router. This is still a
>> buggy implementation; we had problems messing up the routing table.
> Having several PPPoE servers in one segment is a normal solution
> protocol. It is not as efficient now as it could be, due to the ng_pppoe
> implementation problem I have mentioned, but it still should increase
> performance and stability.
> As for routing problems, you should just find a good dynamic
> routing solution. I have a successfully working network with a hundred PPPoE
> servers and many thousands of users, with routing successfully managed by
> quagga bgp.
More information about the freebsd-net