[ratelimits] RRL vs other approaches

Warren Kumari warren at kumari.net
Tue Feb 19 14:48:25 UTC 2013


On Feb 19, 2013, at 9:44 AM, Jared Mauch <jared at puck.nether.net> wrote:

> 
> On Feb 19, 2013, at 8:48 AM, Edward Lewis wrote:
> 
>> My apologies, I was preparing something for this list last Friday and it's taken a bit longer to put all of the arguments together.  (In response to off-list prompting.)  Monday was a holiday here too, nevertheless, I'm trying to prepare a different talk first.  Eventually I'll emit an "manifesto." ;)
>> 
>> What I have is not "anti-RRL" in anyway, but rationale for a "deeper" solution.
>> 
>> Thank you for saying this - I have it saved as a draft and it skipped my mind for the time being.
> 
> Sending back TC to "authenticate" clients would likely help reduce the abuse of 'udp any'
> 
> I was "forced" to rebuild my dns server in the past week or so.. I have not built-in the rrl patch yet as part of the running server and have noticed that the CPU usage is significantly lower.  (Instead of "150%" it's about 50% of a core).
> 
> Right now I'm debating if it makes sense to continue to patch w/ rrl due to the much higher "cost" (2-3x)

The additional processing you are mentioning is significantly different to other's findings. I suspect something else changed as well.

Can you rebuild with the RLL patch and see how much your CPU does go up? If it is 2x you can always revert…

W

> 
> - Jared
> 
> _______________________________________________
> ratelimits mailing list
> ratelimits at lists.redbarn.org
> http://lists.redbarn.org/mailman/listinfo/ratelimits
> 

-- 
"He who laughs last, thinks slowest." 
    -- Anonymous




More information about the ratelimits mailing list