Firewall Wizards mailing list archives

Re: syslog and network management

From: "Darden, Patrick S." <darden () armc org>
Date: Fri, 14 Mar 2008 08:05:06 -0400


ECC==error checking and correction.  UDP does neither.  That is why it is termed "unreliable."

http://www.tech-faq.com/udp.shtml :

"When we say that UDP is unreliable, we mean that UDP does not provide mechanisms for error detection and error 
correction between the source and the destination. Because of this, UDP utilized bandwidth more efficiently than TCP."

According to rfc 768 (User Datagram Protocol http://www.faqs.org/rfcs/rfc768.html ) the checksum "gives protection 
against misrouted datagrams."  It is for the header only (sip,dip,protocol,header length).  Not to insure data 
integrity.

--p



-----Original Message-----
From: firewall-wizards-bounces () listserv icsalabs com
[mailto:firewall-wizards-bounces () listserv icsalabs com]On Behalf Of Paul
D. Robertson
Sent: Thursday, March 13, 2008 12:43 PM
To: Firewall Wizards Security Mailing List
Subject: Re: [fw-wiz] syslog and network management


On Mon, 3 Mar 2008, Darden, Patrick S. wrote:

UDP is a LOT faster than TCP.  No ECC so it uses less cpu, less memory,
and has less of a memory footprint.  If you were dropping a lot of UDP,
then TCP would not help at all--you would receive less, just more
reliably.


First, Cisco routers drop UDP on overlaod before they drop TCP, so if your 
log server isn't on the same subnet, that may mean TCP is a better choice 
if you're getting flooded.

Second, it depends on your buffers with TCP, but at least you'd know on 
the receiving end that you're dropping packets.  With buffer tuning, you 
may be able to withstand flooding the log server and catching up again.

Third, I'm pretty sure the RFCs say that UDP must default to checksumming 
packets.


Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
             http://www.fluiditgroup.com/blog/pdr/
           Art: http://PaulDRobertson.imagekind.com/

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Re: syslog and network management david (Mar 01)
- <Possible follow-ups>
- Re: syslog and network management david (Mar 01)
  - Re: syslog and network management Darden, Patrick S. (Mar 10)
    - Re: syslog and network management david (Mar 13)
    - Re: syslog and network management Paul D. Robertson (Mar 13)
    - Re: syslog and network management Darden, Patrick S. (Mar 16)
- Re: syslog and network management Roel Jonkman (Mar 13)
  - Re: syslog and network management Paul D. Robertson (Mar 13)
  - Re: syslog and network management Chuck Swiger (Mar 13)