Keyserver Alive and Well

DES Challenge Lists (deslists@dopey.verser.frii.com)
Wed, 30 Apr 1997 15:17:15 -0600


Just to set the record straight.

The server is alive and well. Up until today, it has generally been running
at about 20% CPU. Today, it's probably between 30-50%. I won't know until
the end of the day if that translates to more keys being checked or whether
there were more packets being dropped on the Internet. [And the server
having to respond multiple times to the same client.]

As I sit here, I can watch the "activity" light on the hub blink in step
with the server's console log. There is no perceptible delay between the
server receiving packets and the server responding to those packets.

My ISP, Front Range Internet Inc., is connected via T-1 lines to both
the MCI backbone and the "Boulder Coop". The "Boulder Coop", I believe,
is connected via T-1 lines to both the Sprint and BBNPlanet backbones.
A brownout on any of these backbones will impact some DESCHALL clients,
but not impact others. I believe the Internet's routing protocols are
intended to eventually discover that a link is down and reroute traffic
through a link that is up. I also believe the rerouting is less than
perfect. [You may correct me if I am wrong.]

The server is easily handling 4000+ clients, and could comfortably
handle 4000 more. Since I expect more than 8000 clients, plans are
in the works for an additional server. But I emphasize, we don't
need another server, yet!

In an emergency, some minor changes to the keyserver could be made
to increase the size of the average keyspace. Also, a "backup"
keyserver is configured and can be brought online on very short
notice if it becomes necessary. [Remember when the main keyserver
went down on April 21st?]

Some have asked why SolNet is already using multiple servers. I can't
answer the question with any certainty. However I'll note that DESCHALL
uses UDP packets. SolNet by contrast uses TCP packets. TCP has
advantages for most protocols. But for this application, TCP is much
more resource intensive and requires several low-level packet exchanges
to accomplish what a single packet exchange in UDP can accomplish.

Thanks for your support!

-- Rocke