Date: Wed, 08 Nov 2000 20:59:44 +0100 From: Andre Oppermann <oppermann@telehouse.ch> To: Bosko Milekic <bmilekic@dsuper.net> Cc: arch@FreeBSD.ORG Subject: Re: Green/Yellow/Red state for the VM system. Message-ID: <3A09B0B0.6661E143@telehouse.ch> References: <Pine.BSF.4.21.0011072102190.79624-100000@jehovah.technokratis.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Bosko Milekic wrote: > > On Wed, 8 Nov 2000, Andre Oppermann wrote: > > > Let's have an example: There is a DoS attack being launched with > > thousands of TCP connections to some port. Now let's assume this > > would use up all available KVM resources. The thousand-and-first > > TCP connection cannot be handled anymore because there is no free > > KVM any more. Now the INET Networking subsystem has two options: > > 1) make some resources available, eg. drop all fin_wait connections, > > 2) refuse to accept this connection. > > You forget about something. > > (2) has serious implications which are not favorable. The system is > not only going to refuse to accept the connection, but it's going to get > so wedged that it's going to start dropping packets. The idea with the > "yellow" flag would be to stop accepting new connections, and rather just > deal with the presently established connections. This is way better than > just dropping random packets. That is more or less precisely an other way to say "refuse to accept this [new] connection" == "stop accepting new connections". All I argue about is that we don't need a global flag but subsystem local flags as you mention yourself in a later email. Strengthen (or bugfix) the subsystems in a way that they survive a malloc() returning zero either by stopping acceptance of new work, by cleaning up in it's own garden or a combination of both. -- Andre To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3A09B0B0.6661E143>