Does anyone have experience in how the various BSDs stack up in this regard? I know the APIs are pretty similar but, for example, DragonflyBSD has a message passing based one that apparently works pretty well. Does it work well enough that doing userspace networking isn’t needed? What about the other BSDs?
FreeBSD is known to have a great network stack. Netflix uses it for that reason. DragonflyBSD is a bit more experimental so I’m not sure if big players are using it in production.
DragonflyBSD stacks up very well from my shallow understanding, I commented on the original “Why do we use…?” thread on HN about it here: https://news.ycombinator.com/item?id=12023204
At CloudFlare we do use kernel bypass. We are in the second group - we care about performance. More specifically we suffer from IRQ storms. The Linux networking stack has a limit on how many packets per second it can handle. When the limit is reached all CPUs become busy just receiving packets. In that case either the packets are dropped or the applications are starved of CPU. While we don’t have to deal with IRQ storms during our normal operation, this does happen when we are the target of an L3 (layer 3 OSI) DDoS attack. This is a type of attack where the target is flooded with arbitrary packets not belonging to valid connections - typically spoofed packets.
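As an added illustration (not code from the thread or from CloudFlare) of the saturation symptom the comment above describes, the script below compares two constructed `/proc/net/softnet_stat` snapshots and flags CPUs that dropped packets or repeatedly hit `time_squeeze`; it assumes the stable first three hex columns (processed, dropped, time_squeeze) and that one line corresponds to one CPU.

```python
# Added example: spot a saturated Linux softnet receive path from
# /proc/net/softnet_stat. One line per CPU; the first three hex columns
# are packets processed, packets dropped (backlog full), and time_squeeze
# (NAPI poll ran out of budget with work still pending). Snapshots below
# are constructed sample data, not captured from a real host.

SNAPSHOT_T0 = """\
00015c3a 00000000 00000002 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0001a7f1 00000000 00000001 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
"""
SNAPSHOT_T1 = """\
0019e2b0 000004d2 000001f4 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0001a9c3 00000000 00000001 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
"""


def parse_softnet(text):
    """Return {cpu_index: (processed, dropped, time_squeeze)} from softnet_stat text."""
    stats = {}
    for cpu, line in enumerate(l for l in text.splitlines() if l.strip()):
        cols = [int(x, 16) for x in line.split()]
        stats[cpu] = (cols[0], cols[1], cols[2])
    return stats


def find_saturated_cpus(before, after, squeeze_threshold=100):
    """Compare two snapshots; flag CPUs that dropped packets or were squeezed often.

    Any drop means the backlog overflowed; a burst of time_squeeze means the CPU
    is spending its softirq budget just pulling packets, the IRQ-storm condition.
    """
    flagged = []
    for cpu in sorted(after):
        p0, d0, s0 = before.get(cpu, (0, 0, 0))
        p1, d1, s1 = after[cpu]
        delta = {"processed": p1 - p0, "dropped": d1 - d0, "time_squeeze": s1 - s0}
        if delta["dropped"] > 0 or delta["time_squeeze"] >= squeeze_threshold:
            flagged.append((cpu, delta))
    return flagged


if __name__ == "__main__":
    t0, t1 = parse_softnet(SNAPSHOT_T0), parse_softnet(SNAPSHOT_T1)
    for cpu, d in find_saturated_cpus(t0, t1):
        print(f"cpu{cpu}: +{d['processed']} processed, "
              f"+{d['dropped']} dropped, +{d['time_squeeze']} squeezed")
```

On a live host, take the two snapshots a second apart and alert on the flagged CPUs; a zero-drop but high-squeeze CPU is the early warning before the stack starts shedding packets.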
IIRC they used Juniper edge routers to handle a lot of their DDoS protection? This (obviously spoofed packets) seems like a good case for that… obviously I am missing a lot of context, though, I’m sure there’s a good reason.
See for example https://blog.cloudflare.com/todays-outage-post-mortem-82515/
Their first line of defence is anycast, which tends to melt naive DDoS attacks. They also work with providers who support OpenFlow, which allows them to push drop rules out to the edge. (Source: YouTube)