Firewall Wizards mailing list archives
Re: syslog and network management
From: "Darden, Patrick S." <darden () armc org>
Date: Fri, 14 Mar 2008 08:05:06 -0400
ECC==error checking and correction. UDP does neither. That is why it is termed "unreliable." http://www.tech-faq.com/udp.shtml : "When we say that UDP is unreliable, we mean that UDP does not provide mechanisms for error detection and error correction between the source and the destination. Because of this, UDP utilized bandwidth more efficiently than TCP." According to rfc 768 (User Datagram Protocol http://www.faqs.org/rfcs/rfc768.html ) the checksum "gives protection against misrouted datagrams." It is for the header only (sip,dip,protocol,header length). Not to insure data integrity. --p -----Original Message----- From: firewall-wizards-bounces () listserv icsalabs com [mailto:firewall-wizards-bounces () listserv icsalabs com]On Behalf Of Paul D. Robertson Sent: Thursday, March 13, 2008 12:43 PM To: Firewall Wizards Security Mailing List Subject: Re: [fw-wiz] syslog and network management On Mon, 3 Mar 2008, Darden, Patrick S. wrote:
UDP is a LOT faster than TCP. No ECC so it uses less cpu, less memory, and has less of a memory footprint. If you were dropping a lot of UDP, then TCP would not help at all--you would receive less, just more reliably.
First, Cisco routers drop UDP on overlaod before they drop TCP, so if your log server isn't on the same subnet, that may mean TCP is a better choice if you're getting flooded. Second, it depends on your buffers with TCP, but at least you'd know on the receiving end that you're dropping packets. With buffer tuning, you may be able to withstand flooding the log server and catching up again. Third, I'm pretty sure the RFCs say that UDP must default to checksumming packets. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions paul () compuwar net which may have no basis whatsoever in fact." http://www.fluiditgroup.com/blog/pdr/ Art: http://PaulDRobertson.imagekind.com/ _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: syslog and network management david (Mar 01)
- <Possible follow-ups>
- Re: syslog and network management david (Mar 01)
- Re: syslog and network management Darden, Patrick S. (Mar 10)
- Re: syslog and network management david (Mar 13)
- Re: syslog and network management Paul D. Robertson (Mar 13)
- Re: syslog and network management Darden, Patrick S. (Mar 16)
- Re: syslog and network management Darden, Patrick S. (Mar 10)
- Re: syslog and network management Roel Jonkman (Mar 13)
- Re: syslog and network management Paul D. Robertson (Mar 13)
- Re: syslog and network management Chuck Swiger (Mar 13)