What's New in the FreeBSD Network Stack
jjgm writes "As FreeBSD 5-STABLE approaches, Andre Oppermann has produced a high-level presentation on the changes to the FreeBSD 5.3 network stack. There are many clever tricks for performance and scalability. Amongst other things, Andre claims that FreeBSD can now route 1Mpps on a 2.8GHz Xeon whilst Linux can't do much more than 100kpps."
what the "dead" can do nowadays!
NDIS Binary Compatibility
/* Compile and install new kernel with "options NDIS" */
FreeBSD i386 can use binary Ethernet and WLAN network drivers written to the
Windows XP NDIS 5.1 specification. It is a little cumbersome to convert a NDIS driver
into a FreeBSD Kernel Loadable Module (KLD): (By: wpaul)
# ndiscvt -O -i neti557x.inf -s neti557x.sys -n intel0
#
# kldload intel0
Man ndis(4), ndisapi(9), ndiscvt(
All this talk of Mpps and Kpps is making my need to pee more urgent.
Can someone explain what the 'pps' means? The M and K don't need defining...
I'm presuming that Mpps = Million Packets-per-Second
and Kpps = Thousand Packets-per-second.
Not exactly a standard notation that I've ever heard of, but I'll go with it.
Great, now, let's see if you can actually GET a Million Packets in a Second just to the hardware, let alone to the software. Hmm.
Now, correct me if I'm wrong, but to be able to RECEIVE that much data, in the smallest POSSIBLE TCP/IP packets, you would need 500Mbit network link. Sure, I realise that faster than 100Mbit exists, but it sure isn't common.
And I would highly doubt its ability to re-route 500Mbits of data per SECOND.
Words speak louder than TRUTH. George Bush.
"Champagne for my real friends - and real pain for my sham friends!" http://ericblade.postalboard.com/
Nice throughput - so how long before MS implements it in Longhorn or XP? :D
How much did they nick from DragonFly? I recall that Jeffrey Hsu revamped the DFBSD TCP stack to great extent. If they did, I'd like to see some attribution.
They don't need to. Linux uses *very* dumb routing algorithms at the moment. There is a fair amount of public research on much smarter mechanisms (one of which I guess FreeBSD would have used). AFAIK, this is getting implemented on Linux as we speak.
This is just another proof of the superiority of the freebsd tcp-stack. I can't wait for a full benchmark between 5.3 (or 5.4, too many changes on 5.3 might not work just wonderfully right now) and the linux kernel.
The more interesting thing for me is: Will these enhancements make it to Mac OS X?
As far as I am concerned, the closer Mac OS X, under the hood, makes itself to FreeBSD, the better.
Your ignorance is great; pf has been ported to FreeBSD for quite some time as a kernel loadable module, and it will be integrated with 5.3-RELEASE. Have you copy-pasted a year-old FreeBSD flaming text?
Please.
Linux uses *very* dumb routing algorithms at the moment. There is a fair amount of public research on much smarter mechanisms (one of which I guess FreeBSD would have used).
Thanks.
Listen - do you know of any good texts or treatises that describe these [new] mechanisms?
Of course the trolls just copy/paste/edit, and it's a sign of their inferior and feeble mind. Not that they have any mind at all; it's just mindless copy/paste/edit, when they manage not to bungle the "edit" too much.
Most of them don't even do a copy/paste/edit: they download a script that does all the work for them. Quite frankly, I'm not sure that they are capable of doing a copy/paste/edit. This is why you never see any spark of intelligence or originality in their posting; it's the same post over and over and over and over and over again.
Reading through the presentation I realised I'll be reinstalling my FreeBSD firewall again after 5 becomes officially STABLE, heh.
Yes, I always do a fresh install and not an upgrade.
I read some comments on "it is likely you'll be able to throw Mpps at it?"
YES, it's happened to us, here on our university boxen, somebody got r00ted, and _crackers_ got in through some backdoors on a LOT of machines, then started DoS'ing my department, we have a small P-II 5.2.1 box tossing packets like nobody's business.
When the college network runs mostly Gigabit, Mpps is a plausible measure of connectivity.
Error 407 - No creative sig found
You've got it. Unlike what is perceived from Linux (all software must be free), BSD is about making all software better. That's the benefit of the BSD license that many people (usually GPL fans) don't understand.
The best way to predict the future is to invent it
The networking functionality of Mac OS X is in fact derived from BSD, FreeBSD in particular. There is actually a fair bit of FreeBSD kernel stuff in the Mac OS X kernel, and you can see this in the Darwin source code:
http://gobsd.com/code/darwin/
http://gobsd.com/code/darwin/xnu/bsd/
http://gobsd.com/code/darwin/xnu/bsd/net/
b) Even if they did take *actual code* from DragonflyBSD, the BSD license doesn't require attribution any longer.
Wow. You are so very deluded. You most certainly do require this. The advertising clause was in fact removed, but you still have to give credit to the authors, and must agree not to sue them if the code breaks or does not work as advertised before you can use it.
Don't be a troll.
I suggest that you learn to read, because you got it quite backwards.
Sadly it seems that people here are very ignorant about the connection between FreeBSD and Mac OS X, especially where the Mac OS X kernel is concerned. There are a few people here that are claiming that there is no FreeBSD code in the Darwin kernel, only in the Mac OS X command line apps, and this is blatantly untrue.
In order to better see just how much FreeBSD code there is in the Darwin/Mac OS X kernel, and how relevant this work in FreeBSD will be to Mac OS X, please read the following links:
http://www.kernelthread.com/mac/osx/
http://gobsd.com/code/darwin/xnu/
http://www.apple.com/ca/macosx/features/darwin/
http://developer.apple.com/darwin/
Seriously, with so much documentation available, it's unacceptable for supposedly technical people involved with BSD to not know just how important BSD code is to the kernel of a very nice, and hardly secret or obscure operating system like Mac OS X.
While I am mostly in agreement with you about Linux being crap compared to OpenBSD security wise, your statement regarding nothing beating OpenBSD as a firewall is pure bunk.
The Sidewinder G2 firewall implemented on top of "Secure OS" (a BSDi derived OS developed by the people who co-developed the technology used by the NSA's "Security Enhanced Linux") has not yet been compromised, and has recently achieved full EAL4+ Common Criteria (CC) certification. It is unlikely that OpenBSD will ever do that.
Had I the money, I would use nothing else myself, as Secure OS is *Hard Core* Military grade security built into a BSD OS.
http://www.securecomputing.com/news_display.cfm?n
Read. Learn. Grow.
Please refrain from personal attacks.
I realized that my wording was off as soon as I hit Submit, but I decided not to post a reply to it as most intelligent people would be able to figure out what I meant.
The BSD license _never_ required "attribution" except to the original copyright holders. There is no requirement beyond that, and never has been. For some reason I thought there had been, and I forgot to change the paragraph text after reading the license and realizing my mistake. I'm sure you've made editing mistakes as well.
As far as being a troll, I most certainly am not. A troll spouts off at the mouth trying to get emotional responses. A troll does not lay out organized lists of specific opinions and a troll does not then back up those opinions with sources. Please see http://en.wikipedia.org/wiki/Internet_troll, specifically "Many posts may inadvertently cause strife as collateral damage, but they are not trolls."
Certain Slashdot moderators would do well to read this as well.
There is no requirement beyond that, and never has been.
Tsk, Tsk, Tsk. There you go again, "inadvertently" spreading misinformation!
Basically and fundamental to all variants of the BSD license are *both* the attribution (not claiming that you wrote what you did not, as well as giving credit where credit is due) as well as the disclaimer of liability, which is standard to pretty much all software licenses.
With your latest post, you've managed to bungle things again. Care to try for a third time?
I said it is not required *except* to the original copyright holders. If I make change X to program Y, and submit that change back to the owners of program Y, they are not required by the license under which they put program Y to give attribution in the source or documentation of program Y to me for change X. They are not required to do so. Period. You see, the thing with the BSD license is that it isn't "viral" like the GPL. It applies to the original and not to derivative works. If I want attribution like that I have to separately license my changes back to the original authors, which, depending on the size of my modifications, could be either wise or very petty. Kind of like you're being. Petty, I mean.
Beginning with the Jaguar release, Mac OS X has been based on the Linux microkernel. *BSD was dumped because of stability problems it caused, and because its code was so krufty it made maintenance a nightmare.
Also, Mike Smith's employment at Apple was terminated in early August after a hallway fistfight over coding styles. He is now working as a contractor writing Python for a Salinas, CA sanitation company.
The industry standard used to be Scott Bradner at Harvard. Every year at Comdex, he would give an after hours presentation on the latest performance tests. He had some great scripts that measured rates for different size packets, and drew graphs. I watched him once, enjoyed his description of one vendor's box, "a network diode - packets came in, never went out", as he ranted about them testing stuff before they brought it to his benchmark lab.
It was interesting to see the various sales guys either happy or miserable when they looked at his handout on performance benchmarks of stuff brought to his lab, depending on who was at the top or bottom.
But it costs money to run the tests, and most of the BSDs don't have an incentive to test, since it won't really do more than bragging rights. Would Cisco like to find out that FBSD runs faster?
Because FreeBSD has a grown-up license [i.e. a license written by grown-ups, as opposed to a license written by Peter Pan Syndrome utopian-fantasist fifty-year-old teenagers],
Wow.
Who's bitter now?
Ahh, another "GPL is like a virus" troll.
I think the moderators had you figured out from the beginning, asshole.
It might not be required but it is at the very least part of proper social interaction. You don't just "steal" bits from somewhere else and include it in your own *BSD project.
Now concerning the case of the DragonFly network stack, Hsu chooses to use a time-limited advertisement clause for his code. That's his very own right to do. IIRC the reason was exactly the goings-on with certain FreeBSD committers not willing to correctly attribute his and others' changes.
OK - let's cut the crap. Max 100kpps on Linux? Gosh. That's utter bullshit. On rather 2-3 years old hardware we've pushed 300kpps through Linux. Not 1Mpps, sure, but this is old, "standard" desktopish hardware. I.e. no PCI-X or anything. Plain old Athlon XPs.
A dual Opteron, or Xeon, would probably come in close on the 1Mpps figure, if not better. It's just not that impressive anymore.
Kind of like you're being. Petty, I mean.
Not true you ignorant ass clown. I am being correct. There is a difference.
I don't think you've the brains to be able to make any use out of source code if you can't believe the results of countless documented, failed attempts to breach the sidewinder firewall.
GNU Zealot. Learn to think.
"I don't think..."
On that we're agreed.
And the proof that you have that there's no backdoor or buffer overflow in the code is, ahm, lacking.
Leave the technical issues to those who understand technology please.
Bwahahaha. Begone Astroturfer. "Hardcore military grade" security my ass.
That being said, wow, that's a truly awful design.
--Dan
Seen in Slide 21 in the PDF file....
TCP connections in TIME_WAIT2 state (connection closed) waiting for the 2MSL timeout maintain only a minimal set of necessary information instead of a full blown TCP control block. This saves about 80% memory per connection in that state. Especially for HTTP servers this gives a far better kernel memory resource usage and a higher number of concurrent connections that can be served within a short time frame ("Slashdot effect").
Brian: Friends, we must unite to fight the common enemy!
Everyone: The People's Front of Judea!? Where!
For god's sake, they're both Unix-like operating systems. There's not a huge difference between them for most purposes, I don't think anyone who's not a complete fanbot would say either is objectively better than the other for all purposes.
Focus of OpenBSD:
Should we focus on a feature that increases performance or focus on a feature that makes it more secure? OpenBSD chooses to focus limited developer time on the security feature.
We all benefit from that. If you use OpenSSH, thank the OpenBSD people.
Linux, BSD, etc are all boats in the same pond. Add water, and all boats rise.
What'd really be funny is if MS replaced their own NDIS guts with the BSD implementation, since (*big assumption*) MS created NDIS for themselves.
Anyway, I was wondering about the rules on this playground: How would you pull a stunt like that without losing face?
Contrary to the impression left by all the Linux/BSD/GNU etc. zealots, releasing the code under a BSD or GPL license means there is no real OS war going on between say Linux (with or without GNU) and *BSD. The BSD license for the network stack pretty much says "here's our code - feel free to use it, find mistakes, improve on it, etc." If other operating systems (open or not) decide to ad[ao]pt it, this would be a recognition of its quality. There's no losing face in paying a compliment to someone for good code. Of course, if one has a better idea/technology/etc. for doing the same job, one does one's own implementation.
However, childish types will only see a 'my OS is bigger than your OS' face for this.
no 2600 can do 25k-50k pps in the real world. maybe the 2600 XM might be able to approach 25k pps, but that would be seriously taxing it. when you hit anywhere near any of these numbers, the router is being absolutely HAMMERED !!!
No Open Source license allows relicensing. What you can do, however, is to redistribute BSD licensed code under the GPL. You can also license your own derivative works under the GPL.
Not everybody always uses the most precise language in informal contexts such as Slashdot. In colloquial discussion of free software, to "relicense" a work means to distribute a derivative work under a different license, often from permissive to GPL or the like.