Re: Feedback on TCP: Make TCP_RTO_MAX a variable

All of lore.kernel.org
 help / color / mirror / Atom feed

From: David Newall <davidn@davidnewall.com>
To: Stephen Hemminger <shemminger@vyatta.com>
Cc: OBATA Noboru <noboru.obata.ar@hitachi.com>,
	"David S. Miller" <davem@davemloft.net>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	linux-net@vger.kernel.org
Subject: Re: Feedback on TCP: Make TCP_RTO_MAX a variable
Date: Mon, 16 Jun 2008 17:03:06 +0930	[thread overview]
Message-ID: <48561732.1040203@davidnewall.com> (raw)
In-Reply-To: <20080615195148.28c85c36@extreme>

Stephen Hemminger wrote:
> On Mon, 16 Jun 2008 06:27:35 +0930
> David Newall <davidn@davidnewall.com> wrote:
>   
>> ... caused by floods of packets directed towards the internet
>> link at one end or the other
> Why are you letting them through. Use proper firewalling.
>   

They didn't get through the router.  These floods congested the border
links (devices).

> A real VPN with IPSEC would have stopped the problem.
>   

No, it wouldn't.  If you don't see this, ask and I'll explain, again.


> I wouldn't put a mission critical system exposed directly to the Internet.
>   

I didn't.  Standard NAT appliances protect all ends.

next prev parent reply	other threads:[~2008-06-16  7:33 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-06-15 20:57 Feedback on TCP: Make TCP_RTO_MAX a variable David Newall
2008-06-16  0:36 ` Chris Fowler
2008-06-16  7:40   ` David Newall
2008-06-16  2:51 ` Stephen Hemminger
2008-06-16  7:33   ` David Newall [this message]
2008-06-16  7:52 ` David Miller
2008-06-16 14:43 ` Noboru OBATA

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=48561732.1040203@davidnewall.com \
    --to=davidn@davidnewall.com \
    --cc=davem@davemloft.net \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-net@vger.kernel.org \
    --cc=noboru.obata.ar@hitachi.com \
    --cc=shemminger@vyatta.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.