... | ... | @@ -2,7 +2,7 @@ Recently, version 3.0 of Knot DNS - an open-source implementation of an authorit |
|
|
|
|
|
## XDP
|
|
|
|
|
|
When trying to maximize the UDP throughput (e.g. to mitigate flood attacks), processing packets in the kernel tends to limit the overall performance. In the case where the network stack isn't needed for advanced routing, firewall, traffic monitoring, or shaping, it is possible to bypass the kernel and pass the packets from the NIC directly to the DNS daemon. This technology is called eXpress Data Path (XDP). When using the XDP implementation in Knot DNS, the maximum DNS-over-UDP throughput is increased by tens of percent. Other traffic (DNS-over-TCP, management over SSH, ...) remains unaffected and is processed by the kernel as usual.
|
|
|
When trying to maximize the UDP throughput (e.g. to mitigate flood attacks), processing packets in the kernel tends to limit the overall performance. In the case where the network stack isn't needed for advanced routing, firewall, traffic monitoring, or shaping, it is possible to bypass the (modern Linux) kernel and pass the packets from the NIC directly to the DNS daemon. This technology is called eXpress Data Path (XDP). When using the XDP implementation in Knot DNS, the maximum DNS-over-UDP throughput is increased by tens of percent. Other traffic (DNS-over-TCP, management over SSH, ...) remains unaffected and is processed by the kernel as usual.
|
|
|
|
|
|
Example:
|
|
|
```
|
... | ... | |