is polling still a thing?
Michael Sierchio
kudzu at tenebras.com
Tue Jan 27 20:15:30 UTC 2015
On small, embedded computers running ipfw w/kernel nat and device polling
enabled (on em ether adapters), I observed the *reported* system load grow
very high. When disabling polling on the interfaces, it went back to
something normal.
My impression is that the consensus among the core developers concerned
with networking is that device polling is an ancient hack and is
deprecated. In the case of a DDoS attack, there may be many other things to
try - at the infrastructure level - traffic diversion techniques like BGP
flowspec, use anycast, etc. On the individual server level, use stateful
rules with GRED enabled, dropping most new tcp or udp traffic based on load.
That's a topic of its own...
- M
More information about the freebsd-net
mailing list