Hello... Seeking opinion on what a reasonable amount of simultaneous reject traffic would be for what I'll call a "major eCommerce type site"?

I've been told that 4000 simultaneous hits/second to our proxies should be easily handled, even when these hits are all being rejected, such as from an automated scan (SYN scan, FIN scan, etc.). Doing the math, on an "enterprise class" proxy, running on Solaris, 4000 simultaneous rejected hits amounts to something like 12,000 file handles opened per second, which is going to kill kernel space, for starters. Now do this solid over a 2 hour period. The result was extremely high load average (20+), huge log files, much slower performance (duh!), etc.

So, the question is this: aside from planning for DoS attacks (which isn't being done in this case, and which I would typically relegate to routers and load balancers), what's a reasonable number of simultaneous rejected hits per second to handle? This would essentially go toward capacity planning...

Thanks!

-ben

*************************************
Benjamin Tomhave
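To turn the question above into numbers you can measure, here is an added example (not from the post or the list): it counts rejected connections per second from constructed proxy/firewall log lines, reports the peak rate and the seconds that exceed a planned capacity, and applies the same rough file-handle multiplier the post uses (3 handles per rejected hit, an assumption) to estimate load over a sustained period. The log format is assumed.

```python
import re
from collections import Counter

# Constructed sample log lines (not taken from the post). Assumed format:
# "<timestamp> <ACTION> <proto> <src> -> <dst> flags=<tcp flags>"
SAMPLE_LOG = """\
2001-03-05T10:00:00 REJECT tcp 192.0.2.10:40000 -> 198.51.100.5:443 flags=S
2001-03-05T10:00:00 REJECT tcp 192.0.2.10:40001 -> 198.51.100.5:443 flags=S
2001-03-05T10:00:00 ACCEPT tcp 203.0.113.7:51000 -> 198.51.100.5:443 flags=S
2001-03-05T10:00:01 REJECT tcp 192.0.2.10:40002 -> 198.51.100.5:443 flags=F
2001-03-05T10:00:01 REJECT tcp 192.0.2.10:40003 -> 198.51.100.5:443 flags=F
2001-03-05T10:00:01 REJECT tcp 192.0.2.10:40004 -> 198.51.100.5:443 flags=F
2001-03-05T10:00:03 REJECT tcp 192.0.2.11:40005 -> 198.51.100.5:443 flags=S
"""

LINE_RE = re.compile(r"^(\S+) (REJECT|ACCEPT) ")


def rejects_per_second(log_text):
    """Count REJECT lines per whole second -> {timestamp: count}."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(2) == "REJECT":
            counts[m.group(1)] += 1
    return counts


def peak_reject_rate(log_text):
    """Highest number of rejects seen in any single second."""
    counts = rejects_per_second(log_text)
    return max(counts.values()) if counts else 0


def over_capacity(log_text, planned_rejects_per_sec):
    """Timestamps (sorted) whose reject count exceeds the planned capacity."""
    return sorted(ts for ts, n in rejects_per_second(log_text).items()
                  if n > planned_rejects_per_sec)


def handle_budget(reject_rate, handles_per_reject=3, duration_s=7200):
    """Rough capacity estimate: file handles opened per second at a given
    reject rate, and total opens over a sustained window (default 2 hours).
    handles_per_reject=3 is an assumption that reproduces the post's
    4000 hits/s -> 12,000 handles/s figure."""
    per_sec = reject_rate * handles_per_reject
    return per_sec, per_sec * duration_s
```

Feed real logs in the same shape to peak_reject_rate and over_capacity to see what your proxies actually absorb during a scan, rather than relying on the 4000 hits/second figure you were given.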
