On Wed, Jun 15, 2005 at 12:07:52PM -0400, R. DuFresne wrote: > >> You have two choices: either disable TCP SACK support on all your > >> real/virtual machines behind your firewall, or upgrade the kernel on the > >> firewall. > > > > Do you have any instructions or a pointer to documentation onhow to > > temporarily disable SACK? If it was a /proc setting that would be > > ideal; I don't really want to have to recompile kernels though. > > > > why? you are certainly missing out on how to fix and patch a systems when > bugs in the kernel affect it, to the ability to add features that your > dist maintainer has not enabled by default, or to change params in the > kernel such as moving away or to kernel modules as opposed to stack > functionality mapping. I'm sorry, I didn't phrase that very well. I'm perfectly happy to compile new kernels and indeed I am required to run a patched 2.6.11 plus some other patches that I have to apply manually in order to use Xen. $ uname -a Linux curacao.strugglers.net 2.6.11curacaoxen0-steven-hand1 #1 Sat Jun 4 18:49:26 UTC 2005 i686 GNU/Linux I just didn't want to make a new kernel and reboot in order to test the suggestion of disabling SACK as the downtime of a reboot on a machine with multiple virtual machines is unpopular.
Attachment:
signature.asc
Description: Digital signature
