ebtables and smp machines

To: Debian-ISP <debian-isp@lists.debian.org>
Subject: ebtables and smp machines
From: Theodore Knab <tjk@annapolislinux.org>
Date: Thu, 2 Dec 2004 11:36:37 -0500
Message-id: <[🔎] 20041202163637.GB5571@annapolislinux.org>

Are there any dual processor firewalls out there ?

I am just curious if most firewalls are single CPU machines. I put a SMP firewall in place yesterday
and I think I may have misconfigured something. :)

My problem is that I have been running ebtables as a kernel module in the 2.6.8 SMP kernel.
The kernel is compiled for bridge support and bridging is enabled, which is very IRQ intensive.

The 700Mhz P3 dual processor machine is bridge for a T3(DS3) line to our network. Today, when I made a minor update to the 
firewall rules and ran the changes, it crashed. I got a  kernel panics with 'fatal exception in interrupt'.
So after rebooting, I figured can not safely change my firewall rules at the
moment without rebooting the machine. 

I did a google search on 'fatal exception in interrupt' and I am alone. :(

Could the SMP stuff in the kernel cause fatal exception errors in the kernel with applications
that are very network IO intensive ? 


If you are not using a transparent bridge, here is definition:
=====================================

Transparent bridges are becoming trendy because you can drop them on a network with out modifying the
whole network topography. Most transparent bridges are uses as bandwidth shapers. But, transparent bridges can be used
as firewalls and stealthy IDS systems. 

Similar to a router, a transparent bridge is a device that passes packets from one interface to another.
Unlike a router, a transparent bridge does not need to have an IP address. Bridges works on layer 2 level of
the TCP/IP stack. Layer 2 is the physical (hardware address) layer. For example, one MAC passes all the info it gets 
to the other MAC. Switches are new marketing term to define multiport bridges according to Radia Perlman. 
Perlman is the author of the 'spanning tree alogrithim' and a book called
"Interconnections: bridges, routers, switches, and Internetworking Protocols".

-- 
------------------------------------------
Ted Knab
Chester, Maryland  21619 USA
------------------------------------------
The perception of knowledge is an egotistical farce in which
humans extrapolate from simplifications.

Reply to:

Follow-Ups:
- Re: ebtables and smp machines
  - From: Arnt Karlsen <arnt@c2i.net>

Prev by Date: Re: Kernel append="netdev=irq=21,io=0x3000,name=eth0"a not working
Next by Date: Re: Kernel append="netdev=irq=21,io=0x3000,name=eth0"a not working
Previous by thread: click router?
Next by thread: Re: ebtables and smp machines
Index(es):
- Date
- Thread