Yup - and I know of more than one SDN ISP that is using Lede as their CPE VNF - straight off the x86 build servers. Whilst it's more a Hyper-visor mitigation there are certainly things guest can do to improve situation. But yes we should look at both cases in detail. On 5 January 2018 at 10:54, Dave Taht wrote: > On Thu, Jan 4, 2018 at 1:52 PM, Joel Wirāmu Pauling > wrote: > > Well as I've argued before Lede ideally should be using to Kernel > Namespaces > > (poor mans containers) for at a minimum the firewall and per-interface > > routing instances. > > Enough stuff landed in the last kernel for me to finally consider that > feasible. > > > > > The stuff I am running at home is mostly on cheap Atom board, so it's a > > matter of squeezing out unneeded cruft on the platform. Also I don't > want to > > be admining centos/rhel servers at home. > > OK, so currently shipped gear is a big unknown then. > > > > > On 5 January 2018 at 10:47, Dave Taht wrote: > >> > >> On Thu, Jan 4, 2018 at 1:44 PM, Joel Wirāmu Pauling > >> wrote: > >> > > >> > > >> > On 5 January 2018 at 01:09, Jonathan Morton > >> > wrote: > >> >> > >> >> > >> >> > >> >> I don't think we need to worry about it too much in a router context. > >> >> Virtual server folks, OTOH... > >> >> > >> >> - Jonathan Morton > >> >> > >> > Disagree - The Router is pretty much synonymous with NFV > >> > > >> > ; I run my lede instances at home on hypervisors - and this is > >> > definitely > >> > the norm in Datacentres now. We need to work through this quite > >> > carefully. > >> > >> Yes, the NFV case is serious and what I concluded we had most to worry > >> about - before starting to worry about the lower end router chips > >> themselves. But I wasn't aware that people were actually trying to run > >> lede in that, I'd kind of expected > >> a more server-like distro to be used there. Why lede in a NFV? Ease of > >> configuration? Reduced attack surface? (hah) > >> > >> The only x86 chip I use (aside from simulations) is the AMD one in the > >> apu2, which I don't know enough about as per speculation... > >> > >> -- > >> > >> Dave Täht > >> CEO, TekLibre, LLC > >> http://www.teklibre.com > >> Tel: 1-669-226-2619 > > > > > > > > -- > > Dave Täht > CEO, TekLibre, LLC > http://www.teklibre.com > Tel: 1-669-226-2619 >