6.x, 4.x ipfw/dummynet pf/altq - network performance issues

Chris chrcoluk at gmail.com
Thu Mar 1 11:49:41 UTC 2007


On 15/02/07, Justin Robertson <justin at sk1llz.net> wrote:
>
>  This is definitely worst-case, it's simulating a DDoS attack at the
> network. What is really surprising is that just 1mbps of traffic is able
> to kill a 6.x box doing routing. If it were, say, 600mbps that I'd
> understand as you're pushing over a million PPS. But 1mbps? :-\
>
>
> Freddie Cash wrote:
> > On Thursday 15 February 2007 01:29 pm, Justin Robertson wrote:
> >
> >>     Send a flood of 60 byte syn packets with the tcp sack option thru
> >> it and check out what happens. It's pretty weird and I can't explain
> >> why. If you block the packets on the box via ipfw it's fine, the second
> >> it has to make a routing decision everything goes out the window, it
> >> seems. There's 100% packet loss on all protocols. I'm not using NAT,
> >> there are real IPs in different C classes on the other side of the box.
> >>
> >
> > Is that something that would occur normally?  Or is this a
> > worst-case/stress-test trying to break things?  How are you generating
> > the packets?
> >
> > I'm not a network guru, and haven't done much in the way of
> > network-related stress-testing, but I'm always looking for ways to do so.
> >
> >
>
>
> --
> Justin
>
>
>
>
Does disabling sacks harden against syn floods then?

I agree 1mbps of syn is a weak flood.

Chris

