From owner-freebsd-performance@FreeBSD.ORG Thu Feb 15 23:06:27 2007 Return-Path: X-Original-To: freebsd-performance@freebsd.org Delivered-To: freebsd-performance@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 3E4FF16A400 for ; Thu, 15 Feb 2007 23:06:27 +0000 (UTC) (envelope-from justin@sk1llz.net) Received: from sed.awknet.com (sed.awknet.com [66.152.175.11]) by mx1.freebsd.org (Postfix) with ESMTP id 2823213C442 for ; Thu, 15 Feb 2007 23:06:27 +0000 (UTC) (envelope-from justin@sk1llz.net) Received: by sed.awknet.com (Postfix, from userid 58) id F212B10BBE57; Thu, 15 Feb 2007 15:06:26 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on sed.awknet.com X-Spam-Level: X-Spam-Status: No, score=0.9 required=5.0 tests=AWL,BAYES_50 autolearn=disabled version=3.1.3 Received: from [192.168.1.101] (cpe-76-167-105-254.socal.res.rr.com [76.167.105.254]) by sed.awknet.com (Postfix) with ESMTP id 812CF10BBCF9 for ; Thu, 15 Feb 2007 15:06:25 -0800 (PST) Message-ID: <45D4E76F.7040807@sk1llz.net> Date: Thu, 15 Feb 2007 15:06:23 -0800 From: Justin Robertson User-Agent: Thunderbird 1.5.0.9 (Windows/20061207) MIME-Version: 1.0 To: freebsd-performance@freebsd.org References: <20070207120426.CDEFC16A407@hub.freebsd.org> <200702151211.45177.fcash@ocis.net> <45D4D0D1.5020902@sk1llz.net> <200702151357.22075.fcash@ocis.net> In-Reply-To: <200702151357.22075.fcash@ocis.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: 6.x, 4.x ipfw/dummynet pf/altq - network performance issues X-BeenThere: freebsd-performance@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Performance/tuning List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Feb 2007 23:06:27 -0000 This is definitely worst-case, it's simulating a DDoS attack at the network. What is really surprising is that just 1mbps of traffic is able to kill a 6.x box doing routing. If it were, say, 600mbps that I'd understand as you're pushing over a million PPS. But 1mbps? :-\ Freddie Cash wrote: > On Thursday 15 February 2007 01:29 pm, Justin Robertson wrote: > >> Send a flood of 60 byte syn packets with the tcp sack option thru >> it and check out what happens. It's pretty weird and I can't explain >> why. If you block the packets on the box via ipfw it's fine, the second >> it has to make a routing decision everything goes out the window, it >> seems. There's 100% packet loss on all protocols. I'm not using NAT, >> there are real IPs in different C classes on the other side of the box. >> > > Is that something that would occur normally? Or is this a > worst-case/stress-test trying to break things? How are you generating > the packets? > > I'm not a network guru, and haven't done much in the way of > network-related stress-testing, but I'm always looking for ways to do so. > > -- Justin