27 Sep
2021
27 Sep
'21
11:56 p.m.
I would think that FreeBSD of all things would be fine forwarding at much
more than that.
At work we lease Dedicated servers to a wide variety of VPN providers, and
they are all having them delivered with dual 10Gb interfaces - and pushing
6-7Gbps per server. Now most of the providers run customised *nix
platforms, but one in particular (who I won’t name) runs Windows 2019 and
uses RRAS and it handles it ok.. so provided the CPU is relatively recent
and has the appropriate extensions to support hardware encryption (assuming
the 44net tunnels are even encrypted), and the NIC has checksum offload,
etc, FreeBSD shouldn’t have any problems whatsoever :)
—DG
VK2TDG/DGJ
On Tue, 28 Sep 2021 at 7:21 am, David Ranch via 44Net <
44net(a)mailman.ampr.org> wrote:
Hello Chris,
This 1Gbps link is to the IPIP gateway system in San Diego right? If so,
even if you get a faster pipe, can this gateway server (I want to say
this is a FreeBSD machine right?) actually forward at those rates?
--David
KI6ZHD
On 09/27/2021 02:10 PM, Chris Smith via 44Net wrote:
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
There has been a plan in place to upgrade the
link to 10Gb/s for nearly
a year, there were two attempts at upgrading which failed
due to the new
link not working, but UCSD have now identified the issue and the upgrade
has been expedited and, all being well, it will be upgraded within the next
week or two.
Of course that just means the next DDOS will be hitting the gateway much
harder,
but at least we will have some decent headroom under normal
circumstances.
73,
Chris - G1FEF
> On 27 Sep 2021, at 09:20, Tim de Boer via 44Net <44net(a)mailman.ampr.org>
wrote:
>
> I agree with Rob! Normally you should start upgrading the connection if
the
> average reaches 50% of it's capacity
>
> --
> Tim (PH4T)
>
> On Mon, 27 Sept 2021 at 10:03, Rob PE1CHL via 44Net <
44net(a)mailman.ampr.org>
> wrote:
>
>> Yes it would be worthwile to research (with the IP address as
information)
>> what could
>> be the reason behind this. Assuming it was not 44.0.0.1 but some
>> amateur's IP, it could
>> be some retaliation against that person and they may be able to
identify
a
>> likely source
>> and legal action may be possible.
>>
>> Aside from that, I think there is too little headroom on this
connection
>> and it needs
>> to be upgraded to 10Gbit or some teamed 1Gbit links when that is more
>> practical.
>> The background noise already takes up 650Mbit/s of the 1Gbit/s
available...
Rob
On 9/27/21 9:33 AM, Marius Petrescu via 44Net wrote:
> Tnx. Chris for the update.
>
> I'm still wondering what the goal of such an attack is...
>
> On 27/09/2021 10:30, Chris Smith via 44Net wrote:
>> So, it was a TCP port 80 attack directed against one IP address.
>>
>> I passed this on to my contacts at CAIDA who passed it onto the UCSD
NOC who have got the IP blocked.
>> The traffic has now returned to normal.
>>
>> Chris - G1FEF
>>
> _________________________________________
> 44Net mailing list
> 44Net(a)mailman.ampr.org
> https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net