[ratelimits] RRL vs other approaches
warren at kumari.net
Tue Feb 19 14:48:25 UTC 2013
On Feb 19, 2013, at 9:44 AM, Jared Mauch <jared at puck.nether.net> wrote:
> On Feb 19, 2013, at 8:48 AM, Edward Lewis wrote:
>> My apologies, I was preparing something for this list last Friday and it's taken a bit longer to put all of the arguments together. (In response to off-list prompting.) Monday was a holiday here too, nevertheless, I'm trying to prepare a different talk first. Eventually I'll emit a "manifesto." ;)
>> What I have is not "anti-RRL" in any way, but rationale for a "deeper" solution.
>> Thank you for saying this - I have it saved as a draft and it skipped my mind for the time being.
> Sending back TC to "authenticate" clients would likely help reduce the abuse of 'udp any'
> I was "forced" to rebuild my dns server in the past week or so.. I have not built-in the rrl patch yet as part of the running server and have noticed that the CPU usage is significantly lower. (Instead of "150%" it's about 50% of a core).
> Right now I'm debating if it makes sense to continue to patch w/ rrl due to the much higher "cost" (2-3x)
The additional processing you are mentioning is significantly different to others' findings. I suspect something else changed as well.
Can you rebuild with the RRL patch and see how much your CPU does go up? If it is 2x you can always revert…
> - Jared
> ratelimits mailing list
> ratelimits at lists.redbarn.org
"He who laughs last, thinks slowest."