Hi,
in the 2.2 series there was a switch for "CPU is too slow to handle full
bandwidth" which has gone in 2.4. Can anybody tell me the reason for this?
Is there a possibility to "harden" a small machine (33 MHz embedded
device) against e.g. flood pings from the outside world?
Robert
--
+--------------------------------------------------------+
| Dipl.-Ing. Robert Schwebel | http://www.pengutronix.de |
| Pengutronix - Linux Solutions for Science and Industry |
| Braunschweiger Str. 79, 31134 Hildesheim, Germany |
| Phone: +49-5121-28619-0 | Fax: +49-5121-28619-4 |
+--------------------------------------------------------+
Robert Schwebel wrote:
> Hi,
>
> in the 2.2 series there was a switch for "CPU is too slow to handle full
> bandwidth" which has gone in 2.4. Can anybody tell me the reason for this?
>
> Is there a possibility to "harden" a small machine (33 MHz embedded
> device) against e.g. flood pings from the outside world?
>
AFAIK, there is a mechanism to switch off the interrupts generated
by the network card, if the load is getting too high. This way the
packets get overwritten on the nic buffers and do not even reach
the CPU.
I don't know if this is implemented (in all drivers?)
> > Is there a possibility to "harden" a small machine (33 MHz embedded
> > device) against e.g. flood pings from the outside world?
> >
>
> AFAIK, there is a mechanism to switch off the interrupts generated
> by the network card, if the load is getting too high. This way the
> packets get overwritten on the nic buffers and do not even reach
> the CPU.
this is a whole new strategy: ie you switch from interrupt-driven handling
to periodicall polls of the NIC.
last time i`ve heard of it it was the bleeding edge Jamal`s model
of the lowlevel network engine.
regards, Samium Gromoff
On Thu, 28 Mar 2002, Samium Gromoff wrote:
> > > Is there a possibility to "harden" a small machine (33 MHz embedded
> > > device) against e.g. flood pings from the outside world?
> > >
> >
> > AFAIK, there is a mechanism to switch off the interrupts generated
> > by the network card, if the load is getting too high. This way the
> > packets get overwritten on the nic buffers and do not even reach
> > the CPU.
> this is a whole new strategy: ie you switch from interrupt-driven handling
> to periodicall polls of the NIC.
> last time i`ve heard of it it was the bleeding edge Jamal`s model
> of the lowlevel network engine.
>
> regards, Samium Gromoff
You can also get rid of any polling in the driver ISR. This is used
for "interrupt mitigation" and has the bad effects that you describe.
Instead of:
while(some_bits_are_set)
service_those_bits();
return;
Modify to:
if(some_bits_are_set)
service_those_bits();
return;
This will allow other stuff to happen before the ISR gets called
again. Yes, you lose packets when stormed, but so-what? For normal
communication, the NIC runs fine, maybe a few percent loss in
performance.
FYI, every driver that I have used that suffers 'lock-up' like
the eepro100, 3c59x, etc., can be permanently fixed by removing the
poll. Something to think about.
Cheers,
Dick Johnson
Penguin : Linux version 2.4.18 on an i686 machine (797.90 BogoMips).
Windows-2000/Professional isn't.
Robert Schwebel wrote:
>
> Is there a possibility to "harden" a small machine (33 MHz embedded
> device) against e.g. flood pings from the outside world?
It *is* bleeding edge, as someone else pointed out, but you should
really investigate NAPI. It's designed to make Linux resiliant against
non-flow-controlled network loads like routing, which sounds like
just the ticket.
--
Peter Desnoyers
On Fri, 29 Mar 2002 [email protected] wrote:
> Robert Schwebel wrote:
> >
> > Is there a possibility to "harden" a small machine (33 MHz embedded
> > device) against e.g. flood pings from the outside world?
>
> It *is* bleeding edge, as someone else pointed out, but you should
> really investigate NAPI. It's designed to make Linux resiliant against
> non-flow-controlled network loads like routing, which sounds like
> just the ticket.
There is rate limiting in recent iptables, as well. I don't regard
iptable as bleeding edge, so that may have a higher comfort level.
--
bill davidsen <[email protected]>
CTO, TMR Associates, Inc
Doing interesting things with little computers since 1979.
On Fri, Mar 29, 2002 at 10:47:55AM -0500, Bill Davidsen wrote:
> On Fri, 29 Mar 2002 [email protected] wrote:
>
> > Robert Schwebel wrote:
> > >
> > > Is there a possibility to "harden" a small machine (33 MHz embedded
> > > device) against e.g. flood pings from the outside world?
> >
> > It *is* bleeding edge, as someone else pointed out, but you should
> > really investigate NAPI. It's designed to make Linux resiliant against
> > non-flow-controlled network loads like routing, which sounds like
> > just the ticket.
>
> There is rate limiting in recent iptables, as well. I don't regard
> iptable as bleeding edge, so that may have a higher comfort level.
>
Yes, but it won't keep the interrupts from all of those packets from
overloading, and DoSing it or possibly crashing the system.