A recent DDoS took down my linux router. It had a light iptables ruleset and connection tracking enabled. It was a dual CPU Xeon with Dual Intel Gigabit on board (using the e1000 driver). After the attack was under way for several minutes, the external interface was seeing about 600,000 pps at ~350Mbit/sec. The link is 1Gb, so it wasn't full yet.

My question is, is there any hope of building a linux box that can keep up with that kind of traffic load (in terms of pps)? Without an attack, the box handles 200-300Mb/s incoming traffic and 850Mb/s outbound traffic without breaking a sweat. (About 100,000 pps total on both interfaces.) I've seen references to 300K pps being a limit for linux boxes, but nothing else concrete.

The reason I ask about this here is to hopefully avoid purchasing a more expensive piece of networking equipment. Essentially, does there exist a configuration (hardware + software) that can handle a 1Gb link on its own, including dealing with a (D)DoS attack at link speed, so ~1.5Mpps?
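Added example, not part of the original post: it turns two constructed `/proc/net/dev` snapshots into packets/s, bit/s and mean frame size per interface, and computes the 64-byte line-rate figure for gigabit Ethernet, which is where the ~1.5 Mpps number comes from. The interface names and counter values are made up to match the 600 kpps / 350 Mbit/s figures quoted above.

```python
# Constructed /proc/net/dev snapshots 10 s apart (not captured output).
# eth0 receives 6,000,000 packets carrying 437,500,000 bytes in that window,
# i.e. the 600 kpps / 350 Mbit/s seen during the attack.
INTERVAL_S = 10.0
SNAP_T0 = """\
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
  eth0: 1000000000 10000000    0    0    0     0          0         0 500000000 2000000    0    0    0     0       0          0
"""
SNAP_T1 = """\
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
  eth0: 1437500000 16000000    0    0    0     0          0         0 510000000 2100000    0    0    0     0       0          0
"""

def parse_proc_net_dev(text):
    """Return {iface: (rx_bytes, rx_packets, tx_bytes, tx_packets)}."""
    counters = {}
    for line in text.splitlines()[2:]:          # skip the two header lines
        if ":" not in line:
            continue
        iface, fields = line.split(":", 1)      # name may be glued to the counters
        f = [int(x) for x in fields.split()]
        counters[iface.strip()] = (f[0], f[1], f[8], f[9])
    return counters

def rates(snap0, snap1, interval_s):
    """Per-interface rx/tx packets/s, bit/s and mean rx frame size over the interval."""
    c0, c1 = parse_proc_net_dev(snap0), parse_proc_net_dev(snap1)
    out = {}
    for iface in c0.keys() & c1.keys():
        rx_b, rx_p, tx_b, tx_p = [b - a for a, b in zip(c0[iface], c1[iface])]
        out[iface] = {
            "rx_pps": rx_p / interval_s, "rx_bps": rx_b * 8 / interval_s,
            "rx_mean_frame": rx_b / rx_p if rx_p else 0.0,   # tiny frames => flood
            "tx_pps": tx_p / interval_s, "tx_bps": tx_b * 8 / interval_s,
        }
    return out

def line_rate_pps(link_bps=1_000_000_000, frame_bytes=64):
    """Max frames/s on Ethernet: each frame also costs 8 B preamble + 12 B IFG."""
    return link_bps / ((frame_bytes + 8 + 12) * 8)

if __name__ == "__main__":
    r = rates(SNAP_T0, SNAP_T1, INTERVAL_S)["eth0"]
    print(f"eth0 rx {r['rx_pps']:.0f} pps, {r['rx_bps'] / 1e6:.0f} Mbit/s, "
          f"mean frame {r['rx_mean_frame']:.0f} B; "
          f"1 GbE 64 B line rate {line_rate_pps():.0f} pps")
```

Run it against two real snapshots a few seconds apart (`cat /proc/net/dev`) to see whether a box is being measured in bits or in packets; a mean frame size near the 64-byte minimum means the pps figure, not the bit rate, is what the kernel and NIC have to keep up with.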