From owner-freebsd-performance@FreeBSD.ORG Thu Mar 1 11:49:40 2007 Return-Path: X-Original-To: freebsd-performance@freebsd.org Delivered-To: freebsd-performance@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id E331E16A401 for ; Thu, 1 Mar 2007 11:49:40 +0000 (UTC) (envelope-from chrcoluk@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.170]) by mx1.freebsd.org (Postfix) with ESMTP id 7E0E513C441 for ; Thu, 1 Mar 2007 11:49:40 +0000 (UTC) (envelope-from chrcoluk@gmail.com) Received: by ug-out-1314.google.com with SMTP id 71so321793ugh for ; Thu, 01 Mar 2007 03:49:39 -0800 (PST) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=ClrA4BqrisbBYz0UbqOMjkNgiaexkt7RYiuRJKn5+RFgWvgDz9SX1sy6aXp58n/MdBWxxoQOjoBoCfJqHU58RxZ10teCvQSowgJeJ8mLyDKV2lvzxDQYMHq4AQL0XzuXANLSYwNa38nyXIZhaF8OzDxucQvYxPcvtkCj8mKov8Q= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=oKV8Ipdd6KvSh3Qjhh7dAFoyeHQO1neuPGvWfffP54DZaj0CKeLUkfDAhTNdJAbBGO3ni30tj7Js/f4Aj/8TAbWs7dY68AolPWgGov0pXwXOu8EZfyED4hoHryABLEPGpFJBXNdHlNRMlGqXTjmXrQjervzj1h4LIyBkl4XQ/LI= Received: by 10.82.175.2 with SMTP id x2mr535018bue.1172748180870; Thu, 01 Mar 2007 03:23:00 -0800 (PST) Received: by 10.82.135.17 with HTTP; Thu, 1 Mar 2007 03:23:00 -0800 (PST) Message-ID: <3aaaa3a0703010323x107b0857k93069a719c216df6@mail.gmail.com> Date: Thu, 1 Mar 2007 11:23:00 +0000 From: Chris To: "Justin Robertson" In-Reply-To: <45D4E76F.7040807@sk1llz.net> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <20070207120426.CDEFC16A407@hub.freebsd.org> <200702151211.45177.fcash@ocis.net> <45D4D0D1.5020902@sk1llz.net> <200702151357.22075.fcash@ocis.net> <45D4E76F.7040807@sk1llz.net> Cc: freebsd-performance@freebsd.org Subject: Re: 6.x, 4.x ipfw/dummynet pf/altq - network performance issues X-BeenThere: freebsd-performance@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Performance/tuning List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Mar 2007 11:49:41 -0000 On 15/02/07, Justin Robertson wrote: > > This is definitely worst-case, it's simulating a DDoS attack at the > network. What is really surprising is that just 1mbps of traffic is able > to kill a 6.x box doing routing. If it were, say, 600mbps that I'd > understand as you're pushing over a million PPS. But 1mbps? :-\ > > > Freddie Cash wrote: > > On Thursday 15 February 2007 01:29 pm, Justin Robertson wrote: > > > >> Send a flood of 60 byte syn packets with the tcp sack option thru > >> it and check out what happens. It's pretty weird and I can't explain > >> why. If you block the packets on the box via ipfw it's fine, the second > >> it has to make a routing decision everything goes out the window, it > >> seems. There's 100% packet loss on all protocols. I'm not using NAT, > >> there are real IPs in different C classes on the other side of the box. > >> > > > > Is that something that would occur normally? Or is this a > > worst-case/stress-test trying to break things? How are you generating > > the packets? > > > > I'm not a network guru, and haven't done much in the way of > > network-related stress-testing, but I'm always looking for ways to do so. > > > > > > > -- > Justin > > > > _______________________________________________ > freebsd-performance@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-performance > To unsubscribe, send any mail to "freebsd-performance-unsubscribe@freebsd.org" > does disabling sacks harden agsint syn floods then? I agree 1mbps of syn is a weak flood. Chris