Mensaje archivado #905 de la Lista ecs-isp@2rosenthals.com anterior mensaje siguiente mensaje volver a la lista

De: "Lewis G Rosenthal" <ecs-isp@2rosenthals.com> Encabezados Completos
Mensaje no decodificado
Asunto: IP stack (was: Re: [eCS-ISP] Hypervisor os2 (OT))
Fecha: Tue, 1 Oct 2024 11:05:08 -0400
Para: eCS ISP Mailing List <ecs-isp@2rosenthals.com>

HI, Max...

On 10/01/24 10:34 am, Massimo S. wrote:

<snip>

Lewis, i'm sorry, is there any hope that AOS will get a new stack IP?


Not likely, and certainly not for IPv4. If anything, at some point we might commission an IPv6 stack to run in a dual stack configuration, but for the foreseeable future, there is simply no need for IPv6 in ArcaOS.

Here internet connections like 1, 2.5 and 10Gigabit are arriving.
I doubt that will be compliant with those datarates.


Bandwidth has very little to do with this. It's hardware drivers for NICs capable of utilizing such bandwidth. Our stack is quite robust. That's not to say that we can't run out of things from time to time, but in general, I see no need to rip and replace the entire IP stack. I may change my mind once we have drivers for the current crop of 2.5Gbps Intel chips (and David is working on a driver for the Intel family, now).

If you can point me to an RFC which would require changes to the stack for 2.5Gbps or 10Gbps transmissions, I'd be happy to have a look at it. As a protocol analyst, though (or someone who used to do a considerable amount of protocol analysis when engaged in private consulting), I am not aware of anything which would need to be changed in the IP stack simply to handle more bandwidth. (I am aware of several proposals for external buffering to better handle 10Gbps under load, however. the papers I've seen which refer to "scalable 10Gbps stack architecture" are specifically dealing with implementing the external buffering in hardware, and not at the OS level. That is not to say that the OS might not need some additional buffering, but we'll cross that bridge when we come to it.)

I still have some Injoy FW at customer places, but i plan to abandon them
due to poor performances, even with Intel Core I7 as CPU.


IMO, while InJoy is an excellent software firewall for small networks and individual systems, it does not scale well to larger implementations. That is not to discourage sales of InJoy licenses to those smaller enterprises (1-10 stations), but to keep expectations realistic.

I use Sophos UTM, which will soon (6/2026) be discontinued in favor of Sophos' more robust XGS platform. These offerings are available as software or hardware appliances. Other options include SonicWALL (now owned by Dell) and a bunch of others with similar offerings.

--
Lewis
-------------------------------------------------------------
Lewis G Rosenthal, CNA, CLP, CLE, CWTS, EA
Rosenthal & Rosenthal, LLC                www.2rosenthals.com
visit my IT blog                www.2rosenthals.net/wordpress
-------------------------------------------------------------
Suscribirse: Todos, Compendio, Indice.
Desuscribirse
Correo al dueño de la Lista