Date: Fri, 12 Aug 2011 11:32:36 -0400 From: Arnaud Lacombe <lacombar@gmail.com> To: Slawa Olhovchenkov <slw@zxy.spb.ru> Cc: Lawrence Stewart <lstewart@freebsd.org>, Andre Oppermann <andre@freebsd.org>, Steven Hartland <killing@multiplay.co.uk>, freebsd-net@freebsd.org Subject: Re: tcp failing to recover from a packet loss under 8.2-RELEASE? Message-ID: <CACqU3MV9jJy5Q-7HC1315kQkr3%2BSp=YD%2BVqJEDaxoq5-nKK8tQ@mail.gmail.com> In-Reply-To: <20110811135454.GR94016@zxy.spb.ru> References: <E18D678F05BB4F3B93ADEB304CCA8504@multiplay.co.uk> <1F95A4C2D54E4F369830143CBDB5FF86@multiplay.co.uk> <4E37C0F2.4080004@freebsd.org> <2B063B6D95AA4C27B004C50D96393F91@multiplay.co.uk> <C706DEE346684B8DB06CFC090F556E72@multiplay.co.uk> <4E3AA66A.6060605@freebsd.org> <20110805065743.GC94016@zxy.spb.ru> <4E4330B5.5030100@freebsd.org> <20110811123102.GQ94016@zxy.spb.ru> <4E43DA31.7000605@freebsd.org> <20110811135454.GR94016@zxy.spb.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, On Thu, Aug 11, 2011 at 9:54 AM, Slawa Olhovchenkov <slw@zxy.spb.ru> wrote: > On Thu, Aug 11, 2011 at 11:33:37PM +1000, Lawrence Stewart wrote: > >> >>> Autotunig w/o limits is bad idea. This is way to DoS. >> >> >> >> Depends how it is implemented. With appropriate backpressure mechanisms >> >> put in place, it could be perfectly safe. I envisage reassembly segments >> >> being at the bottom of the heap in terms of importance, so if a machine >> >> were to come under memory pressure, they would be the first thing to be >> >> reclaimed. TCP would continue to operate if they got pulled out from >> >> under the connection as the protocol doesn't consider segments held in >> >> reassembly to have been delivered, so would recover via retransmission. >> > >> > Yes, TCP would continue to operate. But attacker don't allow to put >> > system under memory pressure. >> >> Without a concrete patch to discuss, let's just agree to disagree for >> the time being. FreeBSD does a fairly good job autoscaling and reacting >> to pressure with the VM subsystem for example. I don't see why we >> can't > > Yes, and VM system allow to set different memory limits for proccess (and now for jails). > >> become good at doing it with the netstack. Manual tuning sucks and can >> be just as dangerous if you tune things up to get performance, which >> opens you up to the same problems. > > Autoscaling with limits is good. > Automatic computation of limits (from available resources) also is > good (currently limits frequently to small for modern installation, > but don't remember about embeded systems). > <off topic> All the useless limitation BSD puts all over the place wrt. memory management is a huge pain to deal with. nmbcluster, zone limitation and friend are just useless. Just try to use NetGraph with a consequent number of nodes and a high enough pps and the stuff with will start dropping packet all over the place, even if the box has Gigs of free memory. <off topic/> - Arnaud
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CACqU3MV9jJy5Q-7HC1315kQkr3%2BSp=YD%2BVqJEDaxoq5-nKK8tQ>