Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Vyatta MPPS DDOS Load
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Vyatta MPPS DDOS Load

FRCoreyFRCorey Member
edited April 2013 in General

Finally happened, but for those curious what a MPPS attack does to a Vyatta on a E5 Processor.

model name : Intel(R) Xeon(R) CPU E5-2643 0 @ 3.30GHz
NIC Intel I350-F2 MMF Fiber 2 SFP model.

PPS 1.06 MPPS

Load .12

Comments

  • HalfEatenPieHalfEatenPie Veteran
    edited April 2013

    Hm... Any graphs available?

    I like pretty graphs.

  • Any particular reason you went with E5 2643?

  • @serverian said: Any particular reason you went with E5 2643?

    One of the few decent E5s...

  • @serverian this was the recommended processor when talking to them, they prefer the 3ghz types. Also I think it's the only one you can turn off HT and have 4 real CPU's for their lowest license level 4CPU cores. You can get one that's 2 core HT, but I'd rather have 4 real cores.

    BW http://grab.by/li1u
    PPS http://grab.by/li1y <== does not show the 1mpps, but that's an average graph and I locked it down pretty fast.

  • @FRCorey nice, IMHO vyatta with the right hardware is rock solid. Hopefully they keep going and improving now being part of Brocade.

  • whats the license cost for 4 cpu cores?

  • @Ruchirablog just use the open source version - unless you need a web ui or support..

  • the community edition I dont think has the fastpath feature that the E5 is capable of, but even on a dell 1950 with the 1.9 ghz processors and good intel multi queue cards a 1mpps attack was a load of 1-2, but packet loss would be noticeable.

    Support is very responsive. For 2 routers you're looking at 8-10Grand for a 3 year contract, just depends on how agressive they are with sales. That's a 4 core system no HT, you can order 4 core HT proc's and just turn off HT in BIOS.

  • WilliamWilliam Member
    edited April 2013

    We use Vyatta on a SW router as well (one edge), which does 1MPPS+ as normal routing at load 0.10 - DDoS 5MPPS+ at 1+ with some reachability issues.

    Can't complain, but it will never replace ASIC routing.

  • It's not so much the load, but whether there will be packet loss, whether it'd go down or other issues. Haven't really seen high load with a Vyatta.

  • In the past when I used Vyatta the bottleneck has been the nics not being able to handle the high PPS

  • MicrolinuxMicrolinux Member
    edited April 2013

    @FRCorey said: the community edition I dont think has the fastpath feature that the E5 is capable of,

    Is that even available in the commercial version for sure? I think they announced it around this time last year and not a peep about it since, at least that I have heard of.

  • That E5-2643 is lovely, my new favourite processor :D

  • E5 seems like overkill, no?

  • The E5 has special features for networking built into the chip IE fast pathing packets and yes it's available in the commercial version. Vyatta can now do 8mpps per CPU core, so a 4 core box can handle 32mpps dependent on bandwidth of course.

  • @FRCorey said: yes it's available in the commercial version.

    Cool. I may have to get in touch with them. We've been using the open source version in a couple of points on our network, and its been running absolutely flawlessly. I'd pay that support price all day everyday if they can actually deliver. It sounds like you are using it?

  • @FRCorey Could You please post a CPU utilization graph too?

Sign In or Register to comment.