Re: Feedback on TCP: Make TCP_RTO_MAX a variable

From: David Newall
Date: Mon Jun 16 2008 - 03:33:16 EST


Stephen Hemminger wrote:
> On Mon, 16 Jun 2008 06:27:35 +0930
> David Newall <davidn@xxxxxxxxxxxxxxx> wrote:
>
>> ... caused by floods of packets directed towards the internet
>> link at one end or the other
> Why are you letting them through? Use proper firewalling.
>

They didn't get through the router. These floods congested the border
links (devices).

> A real VPN with IPSEC would have stopped the problem.
>

No, it wouldn't. If you don't see this, ask and I'll explain, again.


> I wouldn't put a mission critical system exposed directly to the Internet.
>

I didn't. Standard NAT appliances protect all ends.