nanog mailing list archives
Re: black listing of web traffic
From: Valdis.Kletnieks () vt edu
Date: Tue, 09 Feb 2010 19:28:33 -0500
On Tue, 09 Feb 2010 17:44:01 EST, Andrey Gordon said:
> It does seem much like NAT exhaustion even though the f/w claims only 13K sessions for two dynamic NATs and about 20 static ones. What I don't get is why there is consistency in opening sites. Why does facebook open all the time and store.apple.com barely opens all the time?

This sounds like possibly a hash table with a spectacularly poor hash function, causing most of your entries to be in only a few hash buckets. You hit one of the 497 buckets that have 0 or 1 or 3 entries, it works great. You hit one of 3 buckets that have 4,000+ entries in it, things suck. (You Linux geeks can quit smirking - Linux had a very similar issue in its networking stack not so long ago).

Never underestimate the ability of vendor engineers to write hilariously poor code:

http://thedailywtf.com/Articles/Else-where.aspx

You really gotta assume that your firewall code (or any other code, for that matter) was written by that programmer until proved otherwise.
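The bucket skew described in this reply, as an added example that is not part of the original post or any vendor's code: it fills a 500-bucket session table with 13,000 constructed flows and compares chain lengths under a hypothetical weak hash and a keyed hash over the full 4-tuple. The table size, both hash functions, and all addresses are assumptions made for illustration.

```python
import hashlib
import os
from collections import Counter

BUCKETS = 500  # assumed table size, matching the post's 497 + 3 buckets

def weak_hash(flow):
    """Hypothetical poor hash: ignores the client side of the flow."""
    src_ip, src_port, dst_ip, dst_port = flow
    return (dst_ip ^ dst_port) % BUCKETS

KEY = os.urandom(16)  # per-boot secret so bucket choice is unpredictable

def keyed_hash(flow):
    """Keyed hash over the whole 4-tuple (BLAKE2b used as a stand-in)."""
    data = b"".join(x.to_bytes(4, "big") for x in flow)
    digest = hashlib.blake2b(data, key=KEY, digest_size=8).digest()
    return int.from_bytes(digest, "big") % BUCKETS

def constructed_flows():
    """13,000 made-up sessions: 3 busy servers plus 400 one-off destinations."""
    busy = [0xC6336400 + n for n in (10, 20, 30)]  # 198.51.100.10/.20/.30
    flows = []
    for i in range(12600):
        flows.append((0x0A000000 + i, 1024 + i % 60000, busy[i % 3], 443))
    for j in range(400):
        flows.append((0x0A000000 + j, 2000 + j, 0xC6120000 + j, 80))  # 198.18.0.0 + j
    return flows

def chain_lengths(flows, hash_fn):
    """Entries per bucket, i.e. how many nodes a lookup may have to walk."""
    return Counter(hash_fn(f) for f in flows)

def summarize(flows, hash_fn):
    chains = chain_lengths(flows, hash_fn)
    return {"max": max(chains.values()),
            "over_1000": sum(1 for n in chains.values() if n > 1000),
            "empty": BUCKETS - len(chains)}

if __name__ == "__main__":
    flows = constructed_flows()
    print("weak :", summarize(flows, weak_hash))
    print("keyed:", summarize(flows, keyed_hash))
```

With the weak hash, every session to the same server lands in the same chain, so lookups for those destinations walk thousands of entries while the total session count still looks modest.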