OpenBSD Journal

Henning Brauer's account of SUCON (and slides)

Contributed by grey on from the delayed slides posting dept.

For those who don't read misc@, Henning has posted an account of his experiences at SUCON here. Additionally, there are links to his slides on bgpd and OpenNTPD, both of which are worth reading for those who were unable to attend.


Comments
  1. By Dan (199.203.28.163) on

    Now that I got my BGP routes, what is the recommended way to propagate them to my network? Should it be quagga? or maybe routed?

  2. By RC (4.16.255.251) on

    One thing bothers me.

    So a server with packet-loss (presumably too much network traffic) gets marked as a less reliable source. Sounds reasonable so far. But then later it says that less reliable sources should be queried more often (to try and get a large number of correct replies).

    Assuming this is an accurate view of how OpenNTPD works, it sounds like quite a nasty accidental DoS tool, as if NTPD servers didn't have enough problems already...


    BTW, The "EasyNav" extension for Moz makes these web slides much easier to navigate through... Just middle-click on the forward button to go to the next slide.

    Comments
    1. By Henning (213.128.133.133) henning@openbsd on

      > One thing bothers me. So a server with packet-loss (presumably too much network traffic) gets marked as a less reliable source. Sounds reasonable so far. But then later it says that less reliable sources should be queried more often (to try and get a large number of correct replies).

      it is a little more complicated than that. there is a trustlevel per peer, let's say in %. 100% = we trust it. from 0..19%, we treat them as so bad that it isn't worth dealing with them much, and only send one query every few minutes to check whether it is alive again. Each received correct reply increases trust a little. from 20..79% we try to get it to a state where we can trust it and send queries more aggressively - tho that just means "every 5 seconds". That is hardly any load worth talking about. over 80% we trust the peer and scale the query frequency based on the nexthop.
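The trust bands described in the reply above can be modelled to see how much load a client places on a peer with packet loss. This is an added example, not OpenNTPD's code and not part of the original thread: the 20% and 80% band edges and the 5-second interval come from the comment, while the probe interval, the trusted interval, the gain and loss step sizes and all function names are assumptions.

```c
#include <stdio.h>

/* Band edges (20, 80) and the 5 s interval come from the comment above;
 * every other constant is an assumed value chosen for illustration. */
#define TRUST_BAD        20   /* below: peer only probed occasionally */
#define TRUST_GOOD       80   /* at or above: peer is trusted */
#define INTERVAL_PROBE  180   /* assumed "every few minutes" */
#define INTERVAL_AGGR     5   /* "every 5 seconds" */
#define INTERVAL_GOOD    30   /* assumed stand-in for the scaled interval */
#define TRUST_GAIN        5   /* assumed "increases trust a little" */
#define TRUST_LOSS       10   /* assumed penalty for a lost reply */

/* Seconds until the next query for a trust level in 0..100. */
int query_interval(int trust)
{
    if (trust < TRUST_BAD)
        return INTERVAL_PROBE;
    if (trust < TRUST_GOOD)
        return INTERVAL_AGGR;
    return INTERVAL_GOOD;
}

/* New trust level after one query; reply_ok is 0 when the reply was lost. */
int update_trust(int trust, int reply_ok)
{
    trust += reply_ok ? TRUST_GAIN : -TRUST_LOSS;
    return trust < 0 ? 0 : trust > 100 ? 100 : trust;
}

/* Queries sent to one peer within `seconds` when every lose_every-th reply
 * is lost (0 = none lost). The fixed loss pattern keeps runs reproducible. */
int queries_sent(int seconds, int trust, int lose_every)
{
    int t = 0, sent = 0;
    while (t < seconds) {
        sent++;
        trust = update_trust(trust, !(lose_every && sent % lose_every == 0));
        t += query_interval(trust);
    }
    return sent;
}

int main(void)
{
    printf("no loss:       %d/h\n", queries_sent(3600, 50, 0));
    printf("1 in 3 lost:   %d/h\n", queries_sent(3600, 50, 3));
    printf("1 in 2 lost:   %d/h\n", queries_sent(3600, 50, 2));
    printf("all lost:      %d/h\n", queries_sent(3600, 50, 1));
    return 0;
}
```

In this model the per-peer ceiling is one query every 5 seconds (720 per hour), reached only by a peer whose trust stays in the middle band; a peer losing half or all of its replies drops into the probe band and receives fewer queries than a healthy one.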

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]