Date:	Tue, 29 Sep 2015 12:38:48 +0000
From:	David Laight <David.Laight@...LAB.COM>
To:	'Peter Nørlund' <pch@...bogen.com>,
	David Miller <davem@...emloft.net>
CC:	"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	"kuznet@....inr.ac.ru" <kuznet@....inr.ac.ru>,
	"jmorris@...ei.org" <jmorris@...ei.org>,
	"yoshfuji@...ux-ipv6.org" <yoshfuji@...ux-ipv6.org>,
	"kaber@...sh.net" <kaber@...sh.net>
Subject: RE: [PATCH v4 net-next 0/2] ipv4: Hash-based multipath routing

From: Peter Nørlund
> Sent: 29 September 2015 12:29
...
> As for using L4 hashing with anycast, CloudFlare apparently does L4
> hashing - they could have disabled it, but they didn't. Besides,
> analysis of my own load balancers showed that only one in every
> 500,000,000 packets is fragmented. And even if I hit a fragmented
> packet, it is only a problem if the packet hits the wrong load
> balancer, and if that load balancer hasn't been updated with the state
> from another load balancer (that is, one of the very first packets). It
> is still a possible scenario though - especially with large HTTP
> cookies or file uploads. But apparently it is a common problem that IP
> fragments get dropped on the Internet, so I suspect that ECMP+Anycast
> sites are just part of the pool of problematic sites for people with
> fragments.

Fragmentation is usually more of an issue with UDP than TCP.
Some SIP messages can get fragmented...

	David
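
The fragment case discussed above, as an added example that is not part of this thread or of the patch series: a naive L4 hash reads ports only from the packet that carries the L4 header, so the first fragment and later fragments of one UDP datagram hash differently, while a fragment-aware variant hashes every fragment on L3 fields only. The `struct pkt` layout, the toy `mix()` hash, and the `sample()` addresses and ports are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define IP_MF     0x2000u  /* "more fragments" flag */
#define IP_OFFSET 0x1FFFu  /* fragment offset, in 8-byte units */

/* Simplified flow key for illustration, not a kernel structure. */
struct pkt {
    uint32_t saddr, daddr;
    uint8_t  proto;
    uint16_t frag_off;      /* host byte order */
    uint16_t sport, dport;  /* only on the wire when offset == 0 */
};

/* Toy mixing step (xor, then multiply by an odd constant). */
static uint32_t mix(uint32_t h, uint32_t v) { return (h ^ v) * 16777619u; }

static uint32_t hash_flow(struct pkt p, int use_ports)
{
    uint32_t h = mix(mix(mix(2166136261u, p.saddr), p.daddr), p.proto);
    uint32_t ports = use_ports ? ((uint32_t)p.sport << 16 | p.dport) : 0;
    return mix(h, ports);
}

/* Naive L4: reads ports whenever this packet carries the L4 header. */
uint32_t hash_l4_naive(struct pkt p)
{
    return hash_flow(p, (p.frag_off & IP_OFFSET) == 0);
}

/* Fragment-aware: any fragment, first or later, is hashed on L3 only. */
uint32_t hash_l4_frag_aware(struct pkt p)
{
    return hash_flow(p, (p.frag_off & (IP_MF | IP_OFFSET)) == 0);
}

/* Constructed sample: one UDP datagram, 192.0.2.10:5060 -> 198.51.100.1:5060. */
struct pkt sample(uint16_t frag_off)
{
    struct pkt p = { 0xC000020Au, 0xC6336401u, 17, frag_off, 5060, 5060 };
    return p;
}

int main(void)
{
    struct pkt first = sample(IP_MF), later = sample(185);
    printf("naive      %08x %08x\n", hash_l4_naive(first), hash_l4_naive(later));
    printf("frag-aware %08x %08x\n", hash_l4_frag_aware(first), hash_l4_frag_aware(later));
    return 0;
}
```

The fragment-aware variant keeps all fragments of a datagram on one path, but that path can still differ from the one taken by the same flow's unfragmented packets, which is the "wrong load balancer" case in the quoted text.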
