From owner-freebsd-isp@FreeBSD.ORG  Sat May 17 00:47:50 2003
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7FE2837B401
	for <freebsd-isp@freebsd.org>; Sat, 17 May 2003 00:47:50 -0700 (PDT)
Received: from misery.sdf.com (misery.sdf.com [207.200.153.226])
	by mx1.FreeBSD.org (Postfix) with ESMTP id EA6DA43FAF
	for <freebsd-isp@freebsd.org>; Sat, 17 May 2003 00:47:48 -0700 (PDT)
	(envelope-from tom@sdf.com)
Received: from tom (helo=localhost)
	by misery.sdf.com with local-esmtp (Exim 2.12 #1)
	id 19GupH-0007cN-00; Fri, 16 May 2003 23:05:47 -0700
Date: Fri, 16 May 2003 23:05:46 -0700 (PDT)
From: Tom Samplonius <tom@sdf.com>
To: Thomas Krause -CI- <freebsd-isp@chef-ingenieur.de>
In-Reply-To: <3EC5E7A9.7020802@chef-ingenieur.de>
Message-ID: <Pine.BSF.4.05.10305162302230.2996-100000@misery.sdf.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: freebsd-isp@freebsd.org
Subject: Re: router stops working because of udp packets
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Internet Services Providers <freebsd-isp.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-isp>
List-Post: <mailto:freebsd-isp@freebsd.org>
List-Help: <mailto:freebsd-isp-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 17 May 2003 07:47:50 -0000


On Sat, 17 May 2003, Thomas Krause -CI- wrote:

> Thank's to all for your response. I'll question the customer on Monday
> and probably sell him a firewall. (Should I notice that I hate Microsoft
> software?)

  Rather than sell him a firewall, sell him a clue.  The MS-SQL
vulnerability that Slammer exploits was made public many months ago.

> >   It is the Slammer worm.  It can easily generate 60Mbps of traffic on a
> > fast ethernet LAN.  It seems that your router does not have enough
> > resources to route that much.  Perhaps add more mbufs, and more efficient
> > network cards.  If using the fxp driver, use the link0 flag to reduce
> > interupts.
> 
> There is one fxp and one xl card in that box - but how to use
> the link0 flag? ( 'man fxp' doesn't help)

  If the man page doesn't mention it, it probably isn't supported in your
version of FreeBSD.  It is pretty new.

> >>BTW: 4.6.2-RELEASE-p9 is running on the router.
> > 
> > 
> >   You should probably upgrade to 4.8 too.
> 
> Until now 4.6.2 was running very well - and I doubt that 4.8 would
> forward that traffic. (Anyway, I've a reason to upgrade to 4.7 at least)

  Well, with the packet bundling support in fxp, it would do much better.
Up to 8 packets could be handled per interupt.  There is no reason to go
to 4.7, when 4.8 is available.  Trust me, it is way better.

> Regards,
> Thomas.

Tom