On Sun, 22 Aug 2004, David S. Miller wrote: > On Sun, 22 Aug 2004 12:30:39 -0400 (EDT) > alex@pilosoft.com wrote: > > > If I can route a full GE of sane traffic, unfortunately, it doesn't > > mean I can route a full GE of ddos traffic (random src/dst)... > > The latter is being worked on, stay tuned.... This is very interesting - any light on the approach that is being taken? Last I checked, 2.6 kernel is heavily based on concept of 'flowi' and route-cache plays central part. Both of those are good for routing "sane" traffic, but are really not suitable to routing random src/dst packets fast - which depends on a fast RIB/RPDB lookup (what is currently called ip_route_input_slow). Current organization of RIB as 33 hashes (one for each possible prefix length from /32 to /0) is *slow*. And once/if route_input_slow is no longer slow, route-cache will be only a hindrance. ;) To rephrase Linus-"solution to slow route lookup is fast route lookup, not another kernel abstraction (route-cache)" ;) -alex - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html