Date: Mon, 20 Apr 2009 11:33:05 +0100 (BST) From: Robert Watson <rwatson@FreeBSD.org> To: Kip Macy <kmacy@freebsd.org> Cc: svn-src-head@freebsd.org, Andre Oppermann <andre@freebsd.org>, svn-src-all@freebsd.org, src-committers@freebsd.org, Marko Zec <zec@freebsd.org> Subject: Re: svn commit: r191259 - head/sys/netinet Message-ID: <alpine.BSF.2.00.0904201130260.71062@fledge.watson.org> In-Reply-To: <3c1674c90904200001s1d03c7d8udcd2dd4cf99984fd@mail.gmail.com> References: <200904190444.n3J4i5wF098362@svn.freebsd.org> <200904192221.55744.zec@freebsd.org> <3c1674c90904191405v56298134g286ea31ee4680769@mail.gmail.com> <200904200844.12344.zec@freebsd.org> <3c1674c90904200001s1d03c7d8udcd2dd4cf99984fd@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 20 Apr 2009, Kip Macy wrote: >> ... which means you fall back to the ordinary routing lookups, but only >> after you have wasted cycles to compute a hash and found out that it >> doesn't match anything in your cache -> in this case I would expect only a >> degradation in performance, not an improvement. > > If your normal operating conditions are DDOS then you have more serious > problems. I said that the system would not collapse as you were in fact > claiming, not that it would perform optimally. I think a useful test case to exercise this would be to look at the performance of a real-world benchmark during a simulated synflood from spoofed source IPs in which you gradually scale up the size of the source IP pool for the synflood, as compared to running without the flowcache. The overhead of all the flowcache misses should, presumably, be quite noticeable once it overflows, as it adds additional locking and lookups (both of which have historically been very noticeable) I think the important question is not whether we can measure the overhead (if we can't then we're not testing right), but whether it leads to a performance collapse that didn't previously exist. Robert N M Watson Computer Laboratory University of Cambridge
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.0904201130260.71062>