BBlack has submitted this change and it was merged.
Change subject: lvs: rate-limit more ICMP codes, lower to 1/200ms
......................................................................
lvs: rate-limit more ICMP codes, lower to 1/200ms
Bug: T136939
Change-Id: I54d8eb0ac307c63429535c82843ae3a28c5f56b7
---
M modules/lvs/manifests/balancer.pp
1 file changed, 8 insertions(+), 0 deletions(-)
Approvals:
BBlack: Looks good to me, approved
jenkins-bot: Verified
diff --git a/modules/lvs/manifests/balancer.pp
b/modules/lvs/manifests/balancer.pp
index 7e6df30..3e7f81a 100644
--- a/modules/lvs/manifests/balancer.pp
+++ b/modules/lvs/manifests/balancer.pp
@@ -64,6 +64,14 @@
'net.core.netdev_max_backlog' => 300000,
'net.core.netdev_budget' => 1024,
'net.core.netdev_tstamp_prequeue' => 0,
+
+ # Add Echo Reply, Timestamp Reply, Info Reply, Address Mask Reply
+ # to the default rate limit bitmask. For the definition of the
+ # bitmask, see:
+ # https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
+ 'net.ipv4.icmp_ratemask' => 350233, # 1010101100000011001
+ # Lower rate limit, as the default of 1000ms is way too large
+ 'net.ipv4.icmp_ratelimit' => 200,
},
}
}
--
To view, visit https://gerrit.wikimedia.org/r/294467
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I54d8eb0ac307c63429535c82843ae3a28c5f56b7
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis <[email protected]>
Gerrit-Reviewer: BBlack <[email protected]>
Gerrit-Reviewer: Ema <[email protected]>
Gerrit-Reviewer: Faidon Liambotis <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
