6.x, 4.x ipfw/dummynet pf/altq - network performance issues

Justin Robertson justin at sk1llz.net
Thu Feb 15 23:06:27 UTC 2007

  This is definitely worst-case; it's simulating a DDoS attack at the 
network. What is really surprising is that just 1mbps of traffic is able 
to kill a 6.x box doing routing. If it were, say, 600mbps, that I'd 
understand, as you're pushing over a million PPS. But 1mbps? :-\

Freddie Cash wrote:
> On Thursday 15 February 2007 01:29 pm, Justin Robertson wrote:
>>     Send a flood of 60 byte syn packets with the tcp sack option through
>> it and check out what happens. It's pretty weird and I can't explain
>> why. If you block the packets on the box via ipfw it's fine; the second
>> it has to make a routing decision everything goes out the window, it
>> seems. There's 100% packet loss on all protocols. I'm not using NAT;
>> there are real IPs in different C classes on the other side of the box.
> Is that something that would occur normally?  Or is this a 
> worst-case/stress-test trying to break things?  How are you generating 
> the packets?
> I'm not a network guru, and haven't done much in the way of 
> network-related stress-testing, but I'm always looking for ways to do so.

