What's New in the FreeBSD Network Stack 169
jjgm writes "As FreeBSD 5-STABLE approaches, Andre Oppermann has produced a high-level presentation on the changes to the FreeBSD 5.3 network stack. There are many clever tricks for performance and scalability. Amongst other things, Andre claims that FreeBSD can now route 1Mpps on a 2.8GHz Xeon whilst Linux can't do much more than 100kpps."
Re:It's amazing... (Score:1)
assert(mod == stupid);
Re:It's amazing... (Score:1)
I'd really appreciate it if my fellow BSD users would get a bit more of a sense of humor etc...
Re:It's amazing... (Score:2)
Me too. I am responsible for the first post. I meant it as a jab to the trolls who keep posting the BSD is dead crap. They just keep on posting, while FreeBSD, OpenBSD, NetBSD and Mac OSX just keep taking huge strides forward.
I posted as AC because I did not want to submit my login details from where I was at the time.
a.k.a. Project Evil (Score:5, Interesting)
FreeBSD i386 can use binary Ethernet and WLAN network drivers written to the
Windows XP NDIS 5.1 specification. It is a little cumbersome to convert an NDIS driver
into a FreeBSD Kernel Loadable Module (KLD): (By: wpaul)
# ndiscvt -O -i neti557x.inf -s neti557x.sys -n intel0
#
# kldload intel0
Man ndis(4), ndisapi(9), ndiscvt(
?pps (Score:3)
Can someone explain what the 'pps' means? the M and K dont need defining...
Re:?pps (Score:2, Informative)
Re:?pps (Score:2, Informative)
Re:?pps (Score:5, Informative)
It is usually high packets per second that brings a machine to its knees, as opposed to bits or bytes per second.
If you had a given amount of sustained data coming into a machine, it would typically be much less taxing if those packets where large, as opposed to the same bandwidth being used up with very small packets.
Packets are variable length and a single packet will be much larger than a single byte.
Re:?pps (Score:4, Informative)
Which is what you see in DoS [wikipedia.org] attacks: stuff like SYN floods [wikipedia.org] and smurf attacks [wikipedia.org].
Re:?pps (Score:5, Informative)
Yes. A DoS should be most effective with the smallest packets you can send.
stuff like SYN floods
SYN floods work by requesting permission to statefully connect, without then going through with replying to the handshake that is sent back. When done over and over, this eventually fills the table of half-connections, which in turn prevents the initiation of any more connections and thus a denial of service.
The fact that these packets are small is coincidental to this discussion. In other words, SYN floods don't work because the packets are small, they work because completing the required handshake sequence is not done.
and smurf attacks.
Ahh, DDoS of lots of little packets, via simple spoofing. What fun.
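The symptom the comment above describes (a table of half-open connections filling up) is visible on the victim as a pile of SYN_RCVD entries in netstat output. The following is an added example, not code from the thread or from FreeBSD: it parses constructed netstat-style lines, counts half-open connections per remote host, and flags hosts over a threshold. The sample lines, the column layout assumed (BSD netstat, host and port joined by a dot) and the threshold are all assumptions made for the example.

```python
# Added example (not from the Slashdot thread): count half-open TCP
# connections per remote host from netstat-style output, the symptom
# a SYN flood produces on the victim. SAMPLE_NETSTAT is constructed.
from collections import Counter

SAMPLE_NETSTAT = """\
tcp4       0      0  10.0.0.5.80            203.0.113.7.40012      SYN_RCVD
tcp4       0      0  10.0.0.5.80            203.0.113.7.40013      SYN_RCVD
tcp4       0      0  10.0.0.5.80            203.0.113.7.40014      SYN_RCVD
tcp4       0      0  10.0.0.5.80            198.51.100.20.51122    ESTABLISHED
tcp4       0      0  10.0.0.5.22            198.51.100.21.33100    ESTABLISHED
tcp4       0      0  10.0.0.5.80            203.0.113.9.1025       SYN_RCVD
tcp4       0      0  *.80                   *.*                    LISTEN
"""

# Half-open state as spelled by BSD ("SYN_RCVD") and Linux ("SYN_RECV") netstat.
HALF_OPEN_STATES = {"SYN_RCVD", "SYN_RECV"}


def remote_host(addr):
    """Strip the port from a BSD-style 'host.port' address (assumed layout)."""
    host, _, _port = addr.rpartition(".")
    return host


def half_open_by_source(netstat_text):
    """Return a Counter of half-open connections keyed by remote host."""
    counts = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Expected columns: proto recv-q send-q local foreign state
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        if fields[5] in HALF_OPEN_STATES:
            counts[remote_host(fields[4])] += 1
    return counts


def total_half_open(netstat_text):
    """Total half-open connections, the figure that matters against a
    spoofed flood, where per-source counts stay small by design."""
    return sum(half_open_by_source(netstat_text).values())


def flag_sources(counts, threshold):
    """Remote hosts holding at least `threshold` half-open connections."""
    return sorted(host for host, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    per_source = half_open_by_source(SAMPLE_NETSTAT)
    print("half-open total:", total_half_open(SAMPLE_NETSTAT))
    print("flagged sources:", flag_sources(per_source, 3))
```

Per-source counts only catch an unsophisticated flood; when the SYN packets carry spoofed sources, each source shows one entry and only the total count (or the listen queue overflow counters the stack itself exposes) reveals the problem, which is why both figures are computed.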
Re:?pps (Score:2)
Connect to a web server from your botnet, and send the query line by line, with ~60 seconds between each line (IE 60 seconds, then send GET, 60 seconds, send User-Agent, so on). You could run an Apache server out of processes in no time, and there'd be no easy way to block what is going on, without also blocking legit traffic.
Re:?pps (Score:5, Interesting)
Indeed, here you will see a very marked difference between low and high quality network cards. For instance, the common Realtek NIC offloads a lot onto the CPU, and induces many interrupts, while high quality cards, like Intel gigabit, will do much processing on the card itself. A "ping -f" while using top can be instructive.
Re:?pps (Score:1, Informative)
For those that don't know, M is an abbreviation for the prefix "Mega" which means 10^6 (1 million). K stands for Kelvins, a unit of measurement for temperature where 0K is absolute 0.
Re:?pps (Score:1)
pps? (Score:1)
and Kpps = Thousand Packets-per-second.
Not exactly a standard notation that I've ever heard of, but I'll go with it.
Great, now, let's see if you can actually GET a Million Packets in a Second just to the hardware, let alone to the software. Hmm.
Now, correct me if I'm wrong, but to be able to RECEIVE that much data, in the smallest POSSIBLE TCP/IP packets, you would need 500Mbit network link. Sure, I realise that faster than 100Mbit exists, but it sur
Re:pps? (Score:5, Informative)
The minimum ICMP packet size with Ethernet II encapsulation is 46 bytes. The minimum TCP packet size with Ethernet II encapsulation is 54 bytes. So, 1000000pps of 46 byte ICMP is 368 megabits/sec. And, 1000000pps of 54 byte TCP is 432 megabits/sec. Both of these figures seem realistic to me.
Now, the maximum length of an Ethernet II packet, regardless of any upper layer protocols is 1514 bytes. 1000000pps of 1514 bytes is 12.1 gigabits/sec. Obviously, that packet size isn't what they were referencing.
In respect to the link speed, a 1000Mbit or a Gigabit Ethernet link is quite common these days and the above minimum packet size stats aren't out of line.
Actually, on both OSes with a larger packet size, and thus a lower number of packets per second, a decent machine with 66MHz PCI Gigabit NICs can easily route 500Mb/sec through the box.
Re:pps? (Score:5, Informative)
No it doesn't, however, being capable of sustaining 1 million packets per second, even if they are the smallest packets possible, is pretty impressive.
The packets have to each be serviced, so at around the same line bandwidth, smallest packets could be coming around 30 times more frequently than the largest packets.
Lots of small packets tend to be more taxing than much fewer large packets.
The fact that there is perhaps a 10-fold difference in performance ceiling between Linux and FreeBSD should show that this is not a simple bandwidth limit. I would go so far as to say that bits per second can be more misleading than packets per second if used alone or in an inappropriate context.
Packets per second says a lot about the stack, bits per second says more about the interface driver.
Re:pps? (Score:2)
Packets per second says a lot about the NIC as well. Use one of those cheap (cheap, as in bad quality) Realtek cards, and do a "ping -f" while watching top. See the CPU usage increase a lot. Now, try some better cards, and you don't see the same.
Re:pps? (Score:5, Informative)
Re:pps? (Score:2)
Perhaps the Linux driver handles it better.. (this is a 486sx/33 that is hammered by doing routing for anywhere from 3 to 10 other computers, email services for a whole metric arseload of accounts that receive a ton of spam a day..) still pulls out around 80-95Mbps on transfers within the network, and gets me up to the max 3Mbps incoming speed for Internet usage.
I'm happy with my RT8139's
Re:pps? (Score:2)
Re:pps? (Score:2)
My machines all have NetGear FA311's, which seem to have a few of their own problems, but at least they don't have pages of pained commentary in their drivers on how awful the developers think the hardware is
sis0: Applying short cable fix (reg=5)
Re:pps? (Score:2)
Read the rest of the comments (Score:2)
That being said, wow, that's a truly awful design.
--Dan
Re:pps? (Score:2)
Not that I'd know, not having a GigE switch, or indeed any other GigE devices, but since it comes bundled on most new motherboards I can at least look forward to my HD's no longer outpacing my LAN many times over next time I upgrade my server.
Re:pps? (Score:2)
When I worked at Chiaro, we routinely handled saturated optical GbE links as part of testing. Of course, these didn't handle bulk data traffic, just the routing protocol updates :-> for the control processor(s) for the real router, which was all optical. I forget how many hundred OC-192 (10 Gb/s) ports it could handle.
My job there involved, among writing and backporting GbE
Re:pps? (Score:3, Insightful)
And Mpps is a standard notation for packet forwarding....FYI.
-psy
Re:pps? (Score:2)
Re:pps? (Score:1)
Re:pps? (Score:2)
Heh (Score:1, Funny)
Re:Heh (Score:2)
As long as OpenBSD and OSX get it, I'll be happy.
The BSD's look pretty lively to me (he says, sitting in his OpenBSD shirt).
Re:Heh (Score:2)
Re:Heh (Score:3, Insightful)
If those changes made it into every OS that could use the improvement, then everything networked would find things just that much better without throwing away the old hardware.
That's exactly the point (Score:2, Insightful)
You've got it. Unlike what is perceived from Linux (all software must be free), BSD is about making all software better. That's the benefit of the BSD license that many people (usually GPL fans) don't understand.
Re:That's exactly the point (Score:2, Insightful)
I guess it's hard for users of a "members only" license to grok the concept of "free for everyone".
Re:That's exactly the point (Score:1)
Re:That's exactly the point (Score:2)
GPLing BSD code doesn't really "protect" it though. You can't strip the copyright notice off, so anyone that wants to use it can find out where it came from and grab the original to use however they like. It protects any changes made to the GPLed version, but those changes can't be released into t
Re:That's exactly the point (Score:2)
Part of the reason for the etiquette is to arrange things so that if the changes are worthwhile they will be released into the BSD licensed original. Being easy to fork does not mean that it's desirable to fork. Whatever is desirable in a fork stands a much higher chance of survival if it is incorporated into the main line than if it orphans itself. If the main-line is BSD licensed,
Re:That's exactly the point (Score:3, Informative)
What you can do, however, is to redistribute BSD licensed code under the GPL. You can also license your own derivative works under the GPL. But you certainly may not take BSD licensed code and file off the license.
That's exactly what "relicense" means (Score:1)
No Open Source license allows relicensing. What you can do, however, is to redistribute BSD licensed code under the GPL. You can also license your own derivative works under the GPL.
Not everybody always uses the most precise language in informal contexts such as Slashdot. In colloquial discussion of free software, to "relicense" a work means to distribute a derivative work under a different license, often from permissive to GPL or the like.
Re:Heh (Score:2)
Re:Heh (Score:1)
Still doesn't mean Microsoft can't borrow some of the cheats used in FreeBSD's drivers in a future version of Windows's stack or (less likely) go back to a BSD stack.
NDIS in XP! (Score:1)
Re:Just wondering... (Score:1, Interesting)
Re:Just wondering... (Score:3, Insightful)
Please point out an example where DFBSD doesn't attribute correctly. I think you won't find any. (and if you do, please mail the kernel-list, since the dfbsd crew is very strict about that)
Re:Just wondering... (Score:2)
Oh, you were wondering where you could read the source? Well, DragonFly's cvsweb [dragonflybsd.org] has a nice interface for it. You can also compare codebases at lxr.watson.org [watson.org].
Also, DFBSD has diverged from FreeBSD 4 a great deal already. The userland
Re:Just wondering... (Score:2, Insightful)
* Copyright (c) 2003, 2004 Jeffrey M. Hsu. All rights reserved.
*
* License terms: all terms for the DragonFly license above plus the following:
*
* 4. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
*
* This product includes software developed by Jeffrey M. Hsu
* for the DragonFly Project.
*
* This requirement may be waived with permission from Jeffrey Hsu.
* This requirement will sunset and may be remove
Re:Just wondering... (Score:1)
Re: torstenvl (769732) (#10158823) (Score:1)
I realized that my wording was off as soon as I hit Submit, but I decided not to post a reply to it as most intelligent people would be able to figure out what I meant.
The BSD license _never_ required "attribution" except to the original copyright holders. There is no requirement beyond that, and never has been. For some reason I thought there had been, and I forgot to change the paragraph text after reading the license and realizing my mistake. I'm sure you've made ed
Re: torstenvl (769732) (#10158823) (Score:1)
Re: torstenvl (769732) (#10158823) (Score:1, Informative)
Now concerning the case of the DragonFly network stack, Hsu chooses to use a time-limited advertisement clause for his code. That's his very own right to do. IIRC the reason was exactly the goings-on with certain FreeBSD committers not willing to correctly attribute his and others' changes.
Re:Just wondering... (Score:1, Offtopic)
Because some moderators just can't be bothered to read the guidelines [slashdot.org].
"Concentrate more on promoting than on demoting...Simply disagreeing with a comment is not a valid reason to mark it down."
Personally, I very rarely mod things down. This is because I know a lot of people read slashdot with a +3 (or higher) filter just to wipe away the crap.
And it's also really annoying to get modded down for a heartfelt genuine comment...
Sounds great (Score:1)
Re:Sounds great (Score:2)
For some reason, I dont think cisco or Microsoft would fund such studies.
Re:Sounds great (Score:2, Insightful)
The world's best firewall is *not* OpenBSD (Score:1, Informative)
The Sidewinder G2 firewall implemented on top of "Secure OS" (a BSDi derived OS developed by the people who co-developed the technology used by the NSA's "Security Enhanced Linux") has not yet been compromised, and has recently achieved full EAL4+ Common Criteria (CC) certification. It is unlikely that OpenBSD will ever do that.
Had I th
Re:Sounds great (Score:1)
As if it is specific to BSD to do a comparison. AFAIK Linux advocates spend a lot of resources proving that Linux is better, more secure, cheaper, etc. than certain commercial products.
And if certain vendors present studies that prove otherwise, these same advocates will immediately claim that the studies were conducted
Re:Sounds great (Score:1)
First: The original subject actually mentions a comparison of FreeBSD vs. Linux stating:
Andre claims that FreeBSD can now route 1Mpps on a 2.8GHz Xeon whilst Linux can't do much more than 100kpps.
While the pure announcement is indeed purely FreeBSD - and not OpenBSD, NetBSD, Darwin or Linux - the comparison was founded at the very top.
Second: I was offended by the part quoted from the previous post. It is nothing special to do comparisons, we all do it all the time. But some advocates are hugely annoye
Re:Sounds great (Score:1)
Fact: OpenBSD has had one, count it, one remote hole in the default install in *eight years*. See http://www.openbsd.org/ [openbsd.org]
Fact: Linux is a kernel, not a complete system, so without some more community-building and standardizing and code merging to come up with a base system universal to the distributions, there's no way Linux -- as opposed to individual vendors thereof -- can ever have a secure default install of a useable system.
Fact: Many people in the industry regard OpenBS
Re:Sounds great (Score:2)
Compare:
Re:Sounds great (Score:2)
Re:Sounds great (Score:2)
Is that REALLY a major issue with today's larger memory sizes?
I don't know for you, but it does matter to me.
And isn't it just a little shady to compare a statically linked app to a dynamic app?
You have this backwards. Statically linked binaries would normally be expected to be *bigger* than dynamic ones. Static BSD /bin/sh is half the size of a dynamic /bin/bash.
ob. Life of Brian quote (Score:2)
Everyone: The People's Front of Judea!? Where!
For god's sake, they're both Unix-like operating systems. There's not a huge difference between them for most purposes, I don't think anyone who's not a complete fanbot would say either is objectively better than the other for all purposes.
Re:Sounds great (Score:2)
getopt
Re:Sounds great (Score:3)
Re:Sounds great (Score:2)
As for getopt_long, it is really convenient for non-shell-script tasks. I mostly like the auto-completion. I like to be able to type:
tar --check-l --tot --blo
when i mean
tar --check-links --total --block-number
That's obviously a random example, but I still enjoy that functionality.
Re:Sounds great (Score:1)
man cp would have told you exactly what you needed to know.
Re:Sounds great (Score:1)
> all employ full time staff to work just on the
> Linux kernel. Apart from hundreds of other small
> companies, governments, educational institutes,
> thousands of volunteers.
Ever heard what too many cooks do to a potentially good dish?
Seems rather appropriate in case of Linux...
Re:Sounds great (Score:1)
Nope, neither do I think Linux qualifies for all those. Both systems have their merits and disadvantages.
What I was pointing at here is that the fact that a zillion people are involved can be as muc
Re:Sounds great (Score:1)
I implied that that might well be possible yes.
> What I find very hilarious is that BSD zealots who are now trying to claim that Linux must be worse because it has *more* people working on it.
Lack of direction, lack of knowing what you can count on with Linux? yes, those are issues when using and supporting it, and can directly be linked to the huge diversity of people work
Re:Sounds great (Score:1)
I referred to a well known saying. If you have too many people working on something, that does not result in better results, more likely in worse results.
That was an answer to the implication in the parent post that more people means better results by definition.
And yes, that implies that this could well be the case for Linux.
> You are a fine person to accuse me
Re:Sounds great (Score:1)
> As I said, this wasn't lack of direction. I suggest you look at the fiasco that is FreeBSD 5. Their operating system is *years* late, and the lack of direction splin
Re:Sounds great (Score:1)
RH 2.4.22 kernel properly supported acpi while gentoo with a 2.4.22 kernel did not. RedHat imported patches from the 2.4.23 pre series.
> The Linux kernel has never been released for "marketing" reasons. Linus has never even worked for a company that markets Linux.
Linus releases
Re:Sounds great (Score:3, Interesting)
Also, features lead to bloat, the opposite of "high-performance" so your argument needs further detail to be of any credibility.
Will this make it to Mac OS X? (Score:3, Interesting)
As far as I am concerned, the closer Mac OS X under the hood, makes itself closer to FreeBSD the better.
Re:Will this make it to Mac OS X? (Score:2)
While Jordan still works at Apple AFAIK, my understanding is that OSX has branched significantly from FreeBSD now. So it's definitely not much of a drop-in replacement.
That said, no reason why stuff can get selectively ported...there are definitely some things in this release that I could see being nice for the Mac:
- Arbitrary interface naming
- Better VLANs
-psy
Re:Will this make it to Mac OS X? (Score:5, Informative)
a) While MacOS X libraries are from FreeBSD, Darwin (the kernel) is Mach derived and has very little to do with the FreeBSD kernel. The same tricks might work if they were ported, but that would be more of a rewrite with the same concepts rather than a port.
b) Who in their right mind uses MacOS X for routing? Serving, fine, but actual network infrastructure? I highly doubt it.
Yes, this will make it to Mac OS X (Score:1, Informative)
http://gobsd.com/code/darwin/ [gobsd.com]
http://gobsd.com/code/darwin/xnu/bsd/ [gobsd.com]
http://gobsd.com/code/darwin/xnu/bsd/net/ [gobsd.com]
Re:Will this make it to Mac OS X? (Score:4, Informative)
That's not true. The FreeBSD network stack is used in Darwin with a compat layer. Look at OpenDarwin's cvsweb [opendarwin.org] for an example.
Re:Will this make it to Mac OS X? (Score:2)
Not many people use Mac OS X for routing. But people do use it for VPN servers, and NAT servers on smaller networks. Even though they would do better with just buying a one-hundred dollar SOHO router.
FreeBSD and Mac are st
Re:Will this make it to Mac OS X? (Score:2)
Still-- I don't know anyone that uses MacOS as a router that will see an Mpps.
Re:Will this make it to Mac OS X? (Score:2)
Re:Will this make it to Mac OS X? (Score:2)
Re:Will this make it to Mac OS X? (Score:2)
Damn... (Score:1)
Yes, I always do a fresh install and not an upgrade.
We survived a DoS on .edu network (Score:4, Interesting)
YES, it's happened to us, here on our university boxen, somebody got r00ted, and _crackers_ got in through some backdoors on a LOT of machines, then started DoS'ing my department, we have a small P-II 5.2.1 box tossing packets like nobody's business.
When the college network runs mostly Gigabit, Mpps is a plausible measure of connectivity.
About FreeBSD and Mac OS X (Score:2, Informative)
In order to better see just how much FreeBSD code there is in the Darwin/Mac OS X kernel, and how relevant this work in FreeBSD will be to Mac OS X, please read the following links:
http:// [kernelthread.com]
Comment removed (Score:3, Informative)
Slashdot inspires OS features! (Score:2)
Seen in Slide 21 in the PDF file....
TCP connections in TIME_WAIT2 state (connection closed) waiting for the 2MSL timeout maintain only a minimal set of necessary information instead of a full blown TCP control block. This saves about 80% memory per connection in that state. Especially for HTTP servers this gives a far better kernel memory resource usage and a higher number of concurrent connections that can be served within a short time frame ("Slashdot effect").
Re:Playground r00lz for OSS Hackers? (Score:1, Insightful)
Re:Playground r00lz for OSS Hackers? (Score:2)
Linux uses *very* dumb routing algorithms at the moment. There is a fair amount of public research on much smarter mechanisms (one of which I guess FreeBSD would have used).
Thanks.
Listen - do you know of any good texts or treatises that describe these [new] mechanisms?
Re:Playground r00lz for OSS Hackers? (Score:1, Funny)
Wow.
Who's bitter now?
Re:Playground r00lz for OSS Hackers? (Score:2)
Contrary to the impression left by all the Linux/BSD/GNU etc. zealots, releasing the code under a BSD or GPL license means there is no real OS war going on between say Linux (with or without GNU) and *BSD. The BSD license for the network stack pretty much says "here's our code - feel free to use it, find mistakes, improve on it, etc." If other operating systems (open or not) decide to ad[ao
Re:My personal experience with FreeBSD (Score:2, Insightful)
Please.
Re:My personal experience with FreeBSD (Score:2)
Of course the trolls just copy/paste/edit, and it's a sign of their inferior and feeble mind. Not that they have any mind at all; it's just mindless copy/paste/edit, when they manage not to bungle the "edit" too much.
Most of them don't even do a copy/paste/edit : they download a script th
Re:1Mpps? (Score:2)
We can certainly do better than that on Opterons. Robert
reports a 1.3 Mpps rate on a dual opteron 1.6Ghz. Our numbers on Xeons
are less than 1Mpps.
Re:1Mpps? (Score:1)