Date: Thu, 15 Feb 2007 15:06:23 -0800 From: Justin Robertson <justin@sk1llz.net> To: freebsd-performance@freebsd.org Subject: Re: 6.x, 4.x ipfw/dummynet pf/altq - network performance issues Message-ID: <45D4E76F.7040807@sk1llz.net> In-Reply-To: <200702151357.22075.fcash@ocis.net> References: <20070207120426.CDEFC16A407@hub.freebsd.org> <200702151211.45177.fcash@ocis.net> <45D4D0D1.5020902@sk1llz.net> <200702151357.22075.fcash@ocis.net>
next in thread | previous in thread | raw e-mail | index | archive | help
This is definitely worst-case, it's simulating a DDoS attack at the network. What is really surprising is that just 1mbps of traffic is able to kill a 6.x box doing routing. If it were, say, 600mbps that I'd understand as you're pushing over a million PPS. But 1mbps? :-\ Freddie Cash wrote: > On Thursday 15 February 2007 01:29 pm, Justin Robertson wrote: > >> Send a flood of 60 byte syn packets with the tcp sack option thru >> it and check out what happens. It's pretty weird and I can't explain >> why. If you block the packets on the box via ipfw it's fine, the second >> it has to make a routing decision everything goes out the window, it >> seems. There's 100% packet loss on all protocols. I'm not using NAT, >> there are real IPs in different C classes on the other side of the box. >> > > Is that something that would occur normally? Or is this a > worst-case/stress-test trying to break things? How are you generating > the packets? > > I'm not a network guru, and haven't done much in the way of > network-related stress-testing, but I'm always looking for ways to do so. > > -- Justin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45D4E76F.7040807>