Re: Mitigating HTTP DDoS attacks?

[Peter Dambier]

> On Mon, Mar 24, 2008 at 11:34:58PM +, Paul Vixie wrote:
>> i only use or recommend operating systems that have their own host based
>> firewalls.  

That was exactly my problem.

Barney Wolff wrote:
> What finally broke was doing a table list, possibly because the
> command prints in sorted order.  

Happened to me too.

First step: Borrowed "sort.c" from Minix.

Next step: Large swap file.

Finally: changed the distribution.

sort is one the biggest hidden problems. There are broken sorts around,
I guess some of the problems are character set specific. There is no
more EBCDIC but UTF-8 and UTF-16 are even worse.

Related to sort, you may have more than enough memory or swap but your
process wont get it.

You can avoid sorting by looking into the "/proc" files.

proc2pl might get you ideas, from the ISAON tools on

http://iason.site.voila.fr/

You might even sort or grep the output and you can always do that
on a machine that is not your router.

Kind regards
Peter

-- 
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Rimbacher Strasse 16
D-69509 Moerlenbach-Bonsweiher
+49(6209)795-816 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: [EMAIL PROTECTED]
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
http://www.cesidianroot.com/

RE: rack power question

[michael.dillon]

> what kind of automation can i deploy that will 
> precipitate the particulates so that air can move (for 
> cooling) and so that air won't bring grit (which is conductive)?

Have you considered a two-step process using water in the first
step to remove particulates (water spray perhaps?) and then an
industrial air-drier in the second step?

Alternatively, have you considered air liquifiers like those
used in mining (Draegerman suits) which produce very cold liquid
air? The idea would be to spray the liquid air inside the data 
center rather than blowing in the gaseous form.

Of course, I don't know if the economics of this work out, although
there are people working on increasing the efficiency of air
liquification
so there is quite a bit of price variation between older methods and
newer ones.

--Michael Dillon

Re: rack power question

[Adrian Chadd]

This thread begs a question - how much do you think it'd be worth to do
things more efficiently?




Adrian

Re: rack power question

[Leigh Porter]

$5


Adrian Chadd wrote:

This thread begs a question - how much do you think it'd be worth to do
things more efficiently?




Adrian
  

Re: rack power question

[Alexander Harrowell]

I still think the industry needs to standardise water cooling to popularise
it; if there were two water ports on all the pizzaboxes next to the RJ45s,
and a standard set of flexible pipes, how many people would start using it?
There's probably a medical, automotive or aerospace standard out there.

On Tue, Mar 25, 2008 at 12:23 PM, Leigh Porter <[EMAIL PROTECTED]>
wrote:

>
>
> $5
>
>
> Adrian Chadd wrote:
> > This thread begs a question - how much do you think it'd be worth to do
> > things more efficiently?
> >
> >
> >
> >
> > Adrian
> >
>

RE: Mitigating HTTP DDoS attacks?

[Darden, Patrick S.]

Hi Mike,

Depending upon the type of DDOS, there are five things you should do in order:

1.  immediate response: set your host based security to mitigate the attack.  
E.g. mod_security for Apache web server, IPTables for host firewall.  This will 
keep the hard drives from filling up, the cpu from smoking, etc.
2.  second response: gateway router or border firewall.  Filter that stuff out 
if you can.  This will keep your internal network clean so it won't affect your 
other systems.  One quickie *temporary* fix would be to block whole networks of 
DSL/Cable modems.  There are lists out there specifically for this--always-on 
broadband home PCs are a often the compromised sources of attacks.  
3.  third response: contact your upstream providers and ask them to take 
action.  They can apply filters, and apply pressure to their colos.
4.  make sure you have done your part: secure your network so it cannot be used 
for DOS attacks by applying egress filtration etc. ( 
http://www.sans.org/dosstep/ ); secure your hosts against future DOS attacks 
using things like mod_security and mod_evasive for Apache, tcplimit for 
IPTables, or etc.

One caveat: bandwidth flooding effects can be mitigated, but you can't really 
do anything about it other than contacting your upstream provider.  Until your 
provider does something, the bottleneck here is your uplink.

--Patrick Darden



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Mike Lyon
Sent: Monday, March 24, 2008 6:02 PM
To: NANOG
Subject: Mitigating HTTP DDoS attacks?



Howdy all,

So, i'm kind of new to this so please deal with my ignorance. But,
what is common practice these days for HTTP DDoS mitigation during an
attack? You can of course route every offending ip address to null0 at
your border. But, if it's a botnet or trojan or something, It's coming
from numerous different source IPs and Null0 routes can get very
cumbersome. obviously. How do you folk usually deal with this?

Any input would be greatly appreciated.

Cheers,
Mike

Re: rack power question

[Leigh Porter]

That would be pretty good. But seeing some of the disastrous cabling
situations it'd have to be made pretty idiot proof.

Nice double sealed idiot proof piping with self-sealing ends..

--
Leigh


--
Leigh

Alexander Harrowell wrote:
> I still think the industry needs to standardise water cooling to popularise
> it; if there were two water ports on all the pizzaboxes next to the RJ45s,
> and a standard set of flexible pipes, how many people would start using it?
> There's probably a medical, automotive or aerospace standard out there.
>
> On Tue, Mar 25, 2008 at 12:23 PM, Leigh Porter <[EMAIL PROTECTED]>
> wrote:
>
>   
>> $5
>>
>>
>> Adrian Chadd wrote:
>> 
>>> This thread begs a question - how much do you think it'd be worth to do
>>> things more efficiently?
>>>
>>>
>>>
>>>
>>> Adrian
>>>
>>>   
>
>   

Re: rack power question

[Alexander Harrowell]

A valve in the connector; has to be pushed in by the other connector to let
the water flow. Water pressure pushes it shut otherwise so it fails-safe.

On Tue, Mar 25, 2008 at 12:35 PM, Leigh Porter <[EMAIL PROTECTED]>
wrote:

>
> That would be pretty good. But seeing some of the disastrous cabling
> situations it'd have to be made pretty idiot proof.
>
> Nice double sealed idiot proof piping with self-sealing ends..
>
> --
> Leigh
>
>
> --
> Leigh
>
> Alexander Harrowell wrote:
> > I still think the industry needs to standardise water cooling to
> popularise
> > it; if there were two water ports on all the pizzaboxes next to the
> RJ45s,
> > and a standard set of flexible pipes, how many people would start using
> it?
> > There's probably a medical, automotive or aerospace standard out there.
> >
> > On Tue, Mar 25, 2008 at 12:23 PM, Leigh Porter <
> [EMAIL PROTECTED]>
> > wrote:
> >
> >
> >> $5
> >>
> >>
> >> Adrian Chadd wrote:
> >>
> >>> This thread begs a question - how much do you think it'd be worth to
> do
> >>> things more efficiently?
> >>>
> >>>
> >>>
> >>>
> >>> Adrian
> >>>
> >>>
> >
> >
>

Re: rack power question

[Dorn Hetzel]

It would sure be nice if along with choosing to order servers with DC or AC
power inputs one could choose air or water cooling.

Or perhaps some non-conductive working fluid instead of water.  That might
not carry quite as much heat as water, but it would surely carry more than
air and if chosen correctly would have more benign results when the
inevitable leaks and spills occur.

Of course, my chemistry is a little rusty, so I'm not sure about the
prospects for a non-toxic, non-flammable, non-conductive substance with
workable fluid flow and heat transfer properties :)

A close second might be liquid cooled air tight cabinets with the air/water
heat exchangers (redundant pair) at the bottom where leaks are less of an
issue (drip tray, anyone? :) )...

Less practical but more fun to contemplate would be data centers pressurized
with a working gas that offers better heat transfer than oxygen/nitrogen and
no oxidation potential.  Airlocks and suits for the techs, but no fire
worries ever.  Heck, just close the room and inject liquid nitrogen under
the raised floor to be scavenged overhead and re-compressed, chilled,
liquefied and sent round again.  Reserve cooling for power outages is just
huge dewars full of liquid nitrogen :)

Not so serious today,

-Dorn

On Tue, Mar 25, 2008 at 8:31 AM, Alexander Harrowell <[EMAIL PROTECTED]>
wrote:

> I still think the industry needs to standardise water cooling to
> popularise it; if there were two water ports on all the pizzaboxes next to
> the RJ45s, and a standard set of flexible pipes, how many people would start
> using it? There's probably a medical, automotive or aerospace standard out
> there.
>
>
> On Tue, Mar 25, 2008 at 12:23 PM, Leigh Porter <
> [EMAIL PROTECTED]> wrote:
>
> >
> >
> > $5
> >
> >
> > Adrian Chadd wrote:
> > > This thread begs a question - how much do you think it'd be worth to
> > do
> > > things more efficiently?
> > >
> > >
> > >
> > >
> > > Adrian
> > >
> >
>
>

Re: rack power question

[Chris Adams]

Once upon a time, Dorn Hetzel <[EMAIL PROTECTED]> said:
> Of course, my chemistry is a little rusty, so I'm not sure about the
> prospects for a non-toxic, non-flammable, non-conductive substance with
> workable fluid flow and heat transfer properties :)

Fluorinert - it worked (more or less) for the Cray Triton.
-- 
Chris Adams <[EMAIL PROTECTED]>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.

RE: rack power question

[John Lee]

Paul,
 
Using a multi-stage filter system with the large partical filters in front and 
an ionizing stage to remove smaller but still large enough particals to cause 
dust. Clean room filters would be an overkill.
 
John (ISDN) Lee



From: [EMAIL PROTECTED] on behalf of Paul Vixie
Sent: Tue 3/25/2008 2:17 AM
To: nanog@merit.edu
Subject: Re: rack power question




this has been, to me, one of the most fascinating nanog threads in years.

at the moment my own datacenter problem is filtration.  isc lives in a place
where outside air is quite cool enough for server inlet seven or more months
out of the year.  we've also got quite high ceilings.  a 2HP roof fan will
move 1 cubic feet per minute.  we've got enough make-up air for that.
but, the filters on the make-up air have to be cleaned several times a week,
and at the moment that's a manual operation.

mechanical systems, by comparison, only push 20% make-up air, and the filters
seem to last a month or more between maintainance events.  i'm stuck with the
same question that vexes the U S Army when they send the M1A1 into sandstorms,
or that caused a lot of shutdowns in NYC in the days after 9/11: what kind of
automation can i deploy that will precipitate the particulates so that air
can move (for cooling) and so that air won't bring grit (which is conductive)?
--
Paul Vixie

Re: Mitigating HTTP DDoS attacks?

[Steven M. Bellovin]

On Mon, 24 Mar 2008 23:13:25 -0400
"Rodrick Brown" <[EMAIL PROTECTED]> wrote:

> 
> They're a few companies that specialize in "DDOS protection type
> services" one company that comes to mind is Prolexic and their  IPN
> infrastructure protection service. Prolexic will basically absorbs all
> attacks filter out the bad data and then deliver clean traffic back to
> your network. Its completly transparent to you're clients. Its not
> cheap but i've worked with a few internet based trading companies who
> used this service to litigate DDOS attacks on their network
> infrastructure.
> 
Prolexic was indicted about 1.5 years ago for aiding gambling sites:

http://www.infoworld.com/article/06/11/15/HNnyillegalonlinegambling_1.html
http://www.firstamendment.com/media/NYQCIndictment.pdf

Does anyone know if the indictment has been dropped?  (It should be.)
A quick poke around their site didn't show any news items saying that.

--Steve Bellovin, http://www.cs.columbia.edu/~smb

Re: rack power question

[Paul Vixie]

Matthew Crocker <[EMAIL PROTECTED]> wrote:

> Seal off the room so you can control your replacement air source.  Put a
> series of cyclone dust collectors (think huge Dyson Vacuum) on your inbound
> air.
> 
> http://www.proventilation.com/products/ProductsView.asp?page=1&gclid=CKyD04SRqJICFQUilgod-isIRg

neat stuff.  isc's neighbor has got one of these (for an industrial process).
they are noisy, and not 100% duty cycle rated, but it's an interesting idea.

> Then distribute your air through some electrostatic dust collectors
> 
> http://www.dustcollectorexperts.com/electrostatic/

two of the ESP Disadvantages listed on that page are fatal in my application:

o  High initial cost
o  Materials with very high or low resistivity
   are difficult to collect

however, this page also mentions "baghouse" filters, which i'd also heard in
a private reply, and am now investigating.

> Then run it through HEPA filters.

:-).  my servers don't have asthma.  HEPA is hellishly expensive, annually,
due to the number of filter replacements you need when the duty cycle is 100%.

> How do you manage your humidity when you are pulling in 1% humidity 30
> degree air?  It is more expensive to add water to the air then it is to cool
> it sometimes.

redwood city, california has signs over several streets leading to its oldtown
that say (and i'm not making this up) "climate best by government test".  what
this appears to mean is, we have about three 30F weeks per year, and we have
three four 100F weeks per year, and the rest of the time, it's between 50F and
70F, during which time the humidity is perfect for servers.

Re: rack power question

[Joe Abley]

On 25 Mar 2008, at 09:11 , Dorn Hetzel wrote:

It would sure be nice if along with choosing to order servers with  
DC or AC power inputs one could choose air or water cooling.


Or perhaps some non-conductive working fluid instead of water.  That  
might not carry quite as much heat as water, but it would surely  
carry more than air and if chosen correctly would have more benign  
results when the inevitable leaks and spills occur.


The conductivity of (ion-carrying) water seems like a sensible thing  
to worry about. The other thing is its boiling point.


I presume that the fact that nobody ever brings that up means it's a  
non-issue, but it'd be good to understand why.


Seems to me that any large-scale system designed to distribute water  
for cooling has the potential for hot spots to appear, and that any  
hot spot that approaches 100C is going to cause some interesting  
problems.


Wouldn't some light mineral oil be a better option than water?


Joe

Re: rack power question

[Justin Shore]

Dorn Hetzel wrote:
Of course, my chemistry is a little rusty, so I'm not sure about the 
prospects for a non-toxic, non-flammable, non-conductive substance with 
workable fluid flow and heat transfer properties :)


Mineral oil?  I'm not sure about the non-flammable part though.  Not all 
oils burn but I'm not sure if mineral oil is one of them.  It is used 
for immersion cooling though.


Justin

RE: rack power question

[Ben Butler]

While it has the potential to catch fire - it does however work fine in my
car engine. 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Justin Shore
Sent: 25 March 2008 14:20
To: Dorn Hetzel
Cc: nanog list
Subject: Re: rack power question


Dorn Hetzel wrote:
> Of course, my chemistry is a little rusty, so I'm not sure about the 
> prospects for a non-toxic, non-flammable, non-conductive substance 
> with workable fluid flow and heat transfer properties :)

Mineral oil?  I'm not sure about the non-flammable part though.  Not all
oils burn but I'm not sure if mineral oil is one of them.  It is used for
immersion cooling though.

Justin



smime.p7s
Description: S/MIME cryptographic signature

Re: rack power question

[Patrick Shoemaker]

Joe Abley wrote:



On 25 Mar 2008, at 09:11 , Dorn Hetzel wrote:

It would sure be nice if along with choosing to order servers with DC 
or AC power inputs one could choose air or water cooling.


Or perhaps some non-conductive working fluid instead of water.  That 
might not carry quite as much heat as water, but it would surely carry 
more than air and if chosen correctly would have more benign results 
when the inevitable leaks and spills occur.


The conductivity of (ion-carrying) water seems like a sensible thing to 
worry about. The other thing is its boiling point.


I presume that the fact that nobody ever brings that up means it's a 
non-issue, but it'd be good to understand why.


Seems to me that any large-scale system designed to distribute water for 
cooling has the potential for hot spots to appear, and that any hot spot 
that approaches 100C is going to cause some interesting problems.


Wouldn't some light mineral oil be a better option than water?


Joe



With IT systems, the equipment being cooled would likely reach thermal
overload and trip offline before the cooling water could flash to steam.
 Of course a properly designed system would have relief valves anyway.

One problem with mineral oil is the specific heat. Water has a specific
heat of 4.19 kJ/kg-degC. Light mineral oil is 1.67 kJ/kg-degC. That
means much higher mass flow rates (bigger pumps, tubing, more
dynamichead loss, etc) for oil than water to transfer the same amount of
heat. Oh, and if you want to see whether mineral oil burns, check out
this video: http://www.youtube.com/watch?v=YZipeaAkuC0 (that transformer
is filled with mineral oil).

Sun has some good concepts going with its green datacenter initiative.
Their approach of using extremely scalable power and cooling
distribution systems that are customizable at the rack level allows for
a wide variety of densities and configurations throughout the room.
Check out the tour at this link:

http://www.sun.com/aboutsun/environment/green/datacenter.jsp


--
Patrick Shoemaker
President, Vector Data Systems LLC
[EMAIL PROTECTED]
office: (301) 358-1690 x36
mobile: (410) 991-5791
http://www.vectordatasystems.com

RE: rack power question

[Alex Rubenstein]

Well, seeing as that most pad mounted transformers use mineral oil as a
heat transfer agent (in applications up to and exceeding 230kv), I don't
suspect it is of issue.

However, we've all seen nice transformer fires.


> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of
> Justin Shore
> Sent: Tuesday, March 25, 2008 10:20 AM
> To: Dorn Hetzel
> Cc: nanog list
> Subject: Re: rack power question
> 
> 
> Dorn Hetzel wrote:
> > Of course, my chemistry is a little rusty, so I'm not sure about the
> > prospects for a non-toxic, non-flammable, non-conductive substance
> with
> > workable fluid flow and heat transfer properties :)
> 
> Mineral oil?  I'm not sure about the non-flammable part though.  Not
all
> oils burn but I'm not sure if mineral oil is one of them.  It is used
> for immersion cooling though.
> 
> Justin

Re: rack power question

[Brian Raaen]

Russia (or the USSR at that time) used to use liquid graphite to cool their 
nuclear reactors, even thought it was flammable of course that was what 
they were using in Chernobyl. 


-- 
Brian Raaen
Network Engineer
[EMAIL PROTECTED]

On Tuesday 25 March 2008, you wrote:
> 
> Dorn Hetzel wrote:
> > Of course, my chemistry is a little rusty, so I'm not sure about the 
> > prospects for a non-toxic, non-flammable, non-conductive substance with 
> > workable fluid flow and heat transfer properties :)
> 
> Mineral oil?  I'm not sure about the non-flammable part though.  Not all 
> oils burn but I'm not sure if mineral oil is one of them.  It is used 
> for immersion cooling though.
> 
> Justin
> 
>

Re: rack power question

[Alexander Harrowell]

Question: what worries you more, fire or leaks?

On Tue, Mar 25, 2008 at 3:06 PM, Ben Butler <[EMAIL PROTECTED]>
wrote:

>
> While it has the potential to catch fire - it does however work fine in my
> car engine.
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> Justin Shore
> Sent: 25 March 2008 14:20
> To: Dorn Hetzel
> Cc: nanog list
> Subject: Re: rack power question
>
>
> Dorn Hetzel wrote:
> > Of course, my chemistry is a little rusty, so I'm not sure about the
> > prospects for a non-toxic, non-flammable, non-conductive substance
> > with workable fluid flow and heat transfer properties :)
>
> Mineral oil?  I'm not sure about the non-flammable part though.  Not all
> oils burn but I'm not sure if mineral oil is one of them.  It is used for
> immersion cooling though.
>
> Justin
>
>

RE: rack power question

[Ryan Otis]

I think the modern equivalent is HFE, manufactured by 3M; HFE-7100 is
commonly used in the ATE industry for liquid cooling of test heads.  It
is designed for very low temperatures (-135degC to 61degC) so it might
not be suitable for general datacenter use.  HFE-7500 looks like a
better fit. (-100degC to 130degC)



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Chris Adams
Sent: Tuesday, March 25, 2008 6:38 AM
To: nanog list
Subject: Re: rack power question


Once upon a time, Dorn Hetzel <[EMAIL PROTECTED]> said:
> Of course, my chemistry is a little rusty, so I'm not sure about the 
> prospects for a non-toxic, non-flammable, non-conductive substance 
> with workable fluid flow and heat transfer properties :)

Fluorinert - it worked (more or less) for the Cray Triton.
--
Chris Adams <[EMAIL PROTECTED]>
Systems and Network Administrator - HiWAAY Internet Services I don't
speak for anybody but myself - that's enough trouble.

Re: rack power question

[Marshall Eubanks]

On Mar 25, 2008, at 11:15 AM, Brian Raaen wrote:


Russia (or the USSR at that time) used to use liquid graphite to  
cool their
nuclear reactors, even thought it was flammable of course that  
was what

they were using in Chernobyl.



The RBMK-1000 used graphite for moderation and water for cooling.

Regards
Marshall



--
Brian Raaen
Network Engineer
[EMAIL PROTECTED]

On Tuesday 25 March 2008, you wrote:


Dorn Hetzel wrote:

Of course, my chemistry is a little rusty, so I'm not sure about the
prospects for a non-toxic, non-flammable, non-conductive  
substance with

workable fluid flow and heat transfer properties :)


Mineral oil?  I'm not sure about the non-flammable part though.   
Not all

oils burn but I'm not sure if mineral oil is one of them.  It is used
for immersion cooling though.

Justin

RE: rack power question

[Ray Burkholder]

Dorn Hetzel wrote:
> Of course, my chemistry is a little rusty, so I'm not sure about the
> prospects for a non-toxic, non-flammable, non-conductive substance
> with workable fluid flow and heat transfer properties :)

For some of us over-the-edge pc enthusiasts, we use a non-conductive heat
transfer fluid for 'water-cooling' our over-clocked cpus:

http://www.dangerden.com/store/home.php?cat=63. If you buy it in gallons,
I'm sure you'll get a better price.  If I recall, conductivity is somewhat
less than water, but still good enough to do the job.  I have a solution in
place that has been running continuously for two or three years now.  By
distributing the heat to larger slower fans, my room is quieter.   If I was
really inclined, I could put the fans out my window and have practically
dead silence, if it wasn't for the power supply fan.

 Another poster mentioned dripless quick-disconnects.  They do exist.


-- 
Scanned for viruses and dangerous content at 
http://www.oneunified.net and is believed to be clean.

Re: rack power question

[Paul Vixie]

[EMAIL PROTECTED] (Adrian Chadd) writes:

> This thread begs a question - how much do you think it'd be worth to do
> things more efficiently?

this is a strict business decision involving sustainability and TCO.  if it
takes one watt of mechanical to transfer heat away from every watt delivered,
whereas ambient air with good-enough filtration will let one watt of roof fan
transfer the heat away from five delivered watts, then it's a no-brainer.  but
as i said at the outset, i am vexed at the moment by the filtration costs.
-- 
Paul Vixie

RE: rack power question

[michael.dillon]

>  Or perhaps some non-conductive working fluid instead of water.   
>  That might not carry quite as much heat as water, but it would surely

>  carry more than air and if chosen correctly would have more benign
results  
>  when the inevitable leaks and spills occur.  
 
HCFC-123 is likely what would be used, which means that you would want
to limit the amount of time that you spend inside the data center
because, with the large number of connections in the facility, leaks
will be inevitable and inhaling the gas causes liver damage.
 
Essentially, you are saying that we should get rid of chillers and turn
the entire data center into a giant chiller. Instead of being a building
with rooms and equipment, the data center becomes a machine and humans
only venture inside when the machine is shut down for maintenance. 
 
>  Less practical but more fun to contemplate would be data centers
pressurized  
>  with a working gas that offers better heat transfer than
oxygen/nitrogen and no  
>  oxidation potential.  Airlocks and suits for the techs, but no fire
worries ever.   
>  Heck, just close the room and inject liquid nitrogen under the raised
floor to be  
>  scavenged overhead and re-compressed, chilled, liquefied and sent
round again.  
>  Reserve cooling for power outages is just huge dewars full of liquid
nitrogen :)

 >  Not so serious today,
 
Why not? If you take your pressurized liquid nitrogen scenario and turn
it inside out, then it might well be workable and there would be no need
for suits. For instance, imagine a cylinder containing the liquid nitro
cooling (liquid air might be cheaper) with devices attached all around
like the petals on a flower. Each device has heat exchangers for cooling
the hottest parts (CPUs) and the heat exchangers are attached to the
cooling cylinder. With continued increase in density of cores, this
could be feasible. In essence it would be a kind of blade server with
the cooling and backplane in a central cylinder. Added benefits might
come from supercooling the backplane.
 
Consider what is happening beyond the consumer dual and 8-core (PS3)
machines. 


 
--Michael Dillon
 

Re: Mitigating HTTP DDoS attacks?

[Paul Wall]

On 3/25/08, Peter Dambier <[EMAIL PROTECTED]> wrote:
>
>
> proc2pl might get you ideas, from the ISAON tools on


You know, for the last year or two I've heard you go on and on about IASON.
A few months ago I actually did download it and the only thing I can find in
it is an assortment of scripts to manage DNS zone files. I don't see
anything in there about auto detecting the network, automatically blocking
DDoS or any of the other artificial intelligence you purport it has.

Peter and Karin Dambier


I'm not sure how to interpret this. Are Peter & Karin the same person? You
be the judge.

http://wiki.piratenpartei.de/images/3/39/KarinPeter.jpg

Cesidian Root - Radice Cesidiana


Google searches on Cesidian Root reveal a rather scruffy man running this
alternative root out of Long Island, fighting for
secession from the United States. I'm sure Most Rev. Dr. Cesidio Tallini,
BS, PhD hc, CPC, RH-INHA, APP, AMBCS, MMPR, OEMTDV will get there, one day.

http://www.cesidianroot.com/
>

You might want to have the reverend doctor contact customer care, as the
website suggests. It seems the website is down.

Re: rack power question

[Joel Jaeggli]

Brian Raaen wrote:
Russia (or the USSR at that time) used to use liquid graphite to cool their 
nuclear reactors, even thought it was flammable of course that was what 
they were using in Chernobyl. 


This has diverged far enough that it's now off the topic of cooling. The 
 melting point of carbon however is 3800k...


you can get it to ignite in graphite form at roughly half that.

Re: rack power question

[paul]

forwarded with permission.

> From: "Bob Bradlee" <[EMAIL PROTECTED]>
> To: "Paul Vixie" <[EMAIL PROTECTED]>
> Date: Tue, 25 Mar 2008 11:16:17 -0400
> X-Mailer: PMMail 2000 Professional (2.20.2717) For Windows 2000 (5.1.2600;2)
> Subject: Re: rack power question
> 
> On 25 Mar 2008 06:17:15 +, Paul Vixie wrote:
> 
> >this has been, to me, one of the most fascinating nanog threads in years.
> 
> >at the moment my own datacenter problem is filtration.  isc lives in a
> >place where outside air is quite cool enough for server inlet seven or more
> >months out of the year.  we've also got quite high ceilings.  a 2HP roof
> >fan will 
> 
> Point taken, and I agree ...
> 
> May I suggest we, make that the collective we, take all that extra floor
> space that we don't have power for anywaydue to all the new blades servers
> that need the cooling and put it to good use as a dust or (not so clean)
> clean room to lower your cooling and cleaning costs.
> 
> I worked on a project many years ago where "they" had built a big dust
> collection room as an air scrubber for the computer room and some labs.
> 
> Outside air and inside return air was brought in and mixed to an optimun
> temp for the season at one end of a very long, very tall, very large, not so
> clean, room sized dust collector they called the "clean room".  On the far
> wall was an array of low cost filters that fed the HVAC cold air return
> path.
> 
> Because the room was very large with a small inlet and a huge filtered
> outlet wall.  The air in the room stayed at a low pressure and was slowly
> exhausted from the area at a very slow surface velocity.  The vast majority
> of the dust and just about all of the grit just fell out of the air onto the
> floor where it could be cleaned up with a big shopvac or a snow shovel if I
> had my way :-).
> 
> Because most of the particulate matter hit the floor before it got to the
> filters, the filter wall lasted many months vs the previous few weeks
> between cleaning before the dust room was built. The "normal" filters in the
> HVAC system had quality HEPA filters and rarely needed to be changed because
> the air was being so well precleaned in the (not so) clean room long before
> it ever got to the HVAC system.
> 
> I was told me that what I was looking at was the second version, about twice
> the cubic feet as the origional halway they first used. The filters now
> lasted almost twice as long and they were moving much more air.
> 
> The dust room I saw was very tall, I think 10 or 12 foot to the roof, it was
> also very long over 30+ feet as I remember, but was limited to about 8 or 10
> feet wide (for other reasons). The filters used on the back wall were
> designed to be used in the back wall of an auto paint booth and were low
> cost and could be washed.  Now that I think about it I expect the width was
> determined by the size of the filter rack. I was told that before
> remodeling, version one started as a long wide hallway that was off sealed
> off and used as a big cold air return, using the old double doors on one end
> as the "filter rack". I worked so well that when they remodeled, the hall
> was widened and was opened up so that the cubic area of the low pressure
> area could be maximized.
> 
> What made it work was, the fact that small inlet vs a large outlet creates
> low pressure in a large area.  A long run of slow moving air in low pressure
> will drop its dust and grit along the way, long before it gets a chance to
> plugged up the filters. Think of it as a room size shopvac or a big Dysen
> vacuum cleaner. :)
> 
> I was told by the operator it worked better than he thought it would, and if
> he was to build it again he would have wasted more floor space and made it
> wider but could not justify the Sqfoot cost at that time. If he was
> designing from scrach at todays energy costs, it would feed the whole
> building not just the computer room and labs.
> 
> He pointed out that while increased room height increased the cubic feet and
> reduced pressure allowing more particulate to fall per SQfoot, increasing
> the floor area was the same as increasing the effective filter area while
> also reducing the static pressure in the room, win win.
> 
> Bottom line, the bigger the better, make a dust room big enough you might
> not need filters :-).
> 
> Got a back room, you can seal up, or some unimproved space you can convert
> into a home built open air scrubber ?
> 
> I have seen it work . and it has been working for many years  
> Sorry I just can't tell you where, or I would have to kill you :-)
> 
> Bob Bradlee
> 614-xxx-
> 
> PS. As I can not post to this list from this address, feel free to reply on
> list if you think others might like to chime in.

Re: rack power question

[Leigh Porter]

Joel Jaeggli wrote:
>
> Brian Raaen wrote:
>> Russia (or the USSR at that time) used to use liquid graphite to cool
>> their nuclear reactors, even thought it was flammable of course
>> that was what they were using in Chernobyl. 
>
> This has diverged far enough that it's now off the topic of cooling.
> The  melting point of carbon however is 3800k...
>
> you can get it to ignite in graphite form at roughly half that.
>
>>
The graphite was used as a moderator not as a coolant.

--
Leigh

Re: rack power question

[chuck goolsbee]

i am vexed at the moment by the filtration costs.


What is it that is clogging your filters? Dust? Pollen? Small animals??

We're in a similar situation to you, though even 
better as we're blessed by even cooler ambients 
and never see 100°F, or even close to it. So 
we're using make-up air 12 months of the year and 
really only go fully mechanical in cooling on 
summer afternoons.


We change our filters monthly most of the year, 
and in spring when the pollen count skyrockets we 
change from box-pleat to bag filters and change 
them every week or so.


Dust is never an issue up here... it rains way too much.

--chuck @ d.f in seattle

Re: rack power question

[Alexander Harrowell]

We'll need non-returns in there as well, to limit the maximum possible
spillage. More seriously, the energy-efficiency community has a whole design
approach for industrial facilities called "Factor 10 Engineering" which is
about saving heat or cooling by using the shortest, straightest, fattest
pipes you can at any point. You'd probably want to keep the flexible "water
over ethernet" pipes to a minimum; have a pair of bigger risers per rack and
tap into those.

On Tue, Mar 25, 2008 at 3:14 PM, Christopher LILJENSTOLPE <[EMAIL PROTECTED]>
wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Provided the brilliant tech didn't forget to remove the grit from the
> connector on the pizzabox that then gets in the said valve and wedges
> it open. :)  Remember folks, someone will always make "brighter"
> remote hands
>
> In principal, though, I like it.
>
>Chris
>
> On 25 Mar 2008, at 06.08, Alexander Harrowell wrote:
> > A valve in the connector; has to be pushed in by the other connector
> > to let the water flow. Water pressure pushes it shut otherwise so it
> > fails-safe.
> >
> > On Tue, Mar 25, 2008 at 12:35 PM, Leigh Porter <
> [EMAIL PROTECTED]
> > > wrote:
> >
> > That would be pretty good. But seeing some of the disastrous cabling
> > situations it'd have to be made pretty idiot proof.
> >
> > Nice double sealed idiot proof piping with self-sealing ends..
> >
> > --
> > Leigh
> >
> >
> > --
> > Leigh
> >
> > Alexander Harrowell wrote:
> > > I still think the industry needs to standardise water cooling to
> > popularise
> > > it; if there were two water ports on all the pizzaboxes next to
> > the RJ45s,
> > > and a standard set of flexible pipes, how many people would start
> > using it?
> > > There's probably a medical, automotive or aerospace standard out
> > there.
> > >
> > > On Tue, Mar 25, 2008 at 12:23 PM, Leigh Porter <
> [EMAIL PROTECTED]
> > >
> > > wrote:
> > >
> > >
> > >> $5
> > >>
> > >>
> > >> Adrian Chadd wrote:
> > >>
> > >>> This thread begs a question - how much do you think it'd be
> > worth to do
> > >>> things more efficiently?
> > >>>
> > >>>
> > >>>
> > >>>
> > >>> Adrian
> > >>>
> > >>>
> > >
> > >
> >
>
> - ---
> 李柯睿
> Check my PGP key here:
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xCB67593B
>
>
>
>
> -BEGIN PGP SIGNATURE-
>
> iQEcBAEBAgAGBQJH6RboAAoJEGmx2Mt/+Iw/O/UIAIEWSjeRr0mEcUNXoclxefEG
> 4k7VjzoGLCBKlven62DwKXcFInBsGaaHXQyZH8vIKiraeh9JYFXo5wLotgO4bjYk
> vV0l7Sd3iLpueDzFLbho3YWAcCh52dmLbZRn31L3/eSoNivagQKBruIy8WQmgJIt
> 54/KiBIr7PUQXFYqA4kwiWnkOAZ+DfpGcfKY/LRhksGltVFW5N+X8FKSvlIR/ZjK
> Ka+omSh2ccUNpD5Y6Iwa+KkAYulEnus5i1pzA07rz0YKxkIfXpPnadlMmdFJJiYo
> wOqwIUVcjQQ2aruANKyXBnkWcTTD228xc06KgLLJToNjVY9XeOeJqQOxF6mNglc=
> =+lj0
> -END PGP SIGNATURE-
>

Re: rack power question

[Deepak Jain]

There are vendors working on this, but the point here is that unlike the 
medical, automotive or aerospace industries Computing (in general) 
platforms aren't regulated the same way... you won't see random gear 
hanging off the inside of an MRI (in general), or in an airplane, etc.


Computer vendors make lots of random sizes and depths of boxes. Want to 
get really ambitious? Let's find a set of rails that works with all 
rackmountable equipment and cabinets before we get crazy with the water 
cooling.


The point is that water has lots of issues. Water quality being one of 
them. Its fine to "toy" with water cooling a home clocked-up PC. When 
you have experience water cooling mainframes or using large chiller 
plants (1000+ tons) for years on end, there is a lot of discipline 
required to "do it right" -- a discipline that many shops and operators 
haven't needed up to this point.


Deepak Jain
AiNET

Alexander Harrowell wrote:
I still think the industry needs to standardise water cooling to 
popularise it; if there were two water ports on all the pizzaboxes next 
to the RJ45s, and a standard set of flexible pipes, how many people 
would start using it? There's probably a medical, automotive or 
aerospace standard out there.

Re: rack power question

[Michael Holstein]

Mineral oil?  I'm not sure about the non-flammable part though.  Not 
all oils burn but I'm not sure if mineral oil is one of them.  It is 
used for immersion cooling though.


It burns quite well .. 
http://video.aol.com/video-detail/transformer-explosion/1599831229


Cheers,

Michael Holstein
Cleveland State University

Re: rack power question

[Petri Helenius]

Paul Vixie wrote:


this is a strict business decision involving sustainability and TCO.  if it
takes one watt of mechanical to transfer heat away from every watt delivered,
whereas ambient air with good-enough filtration will let one watt of roof fan
transfer the heat away from five delivered watts, then it's a no-brainer.  but
as i said at the outset, i am vexed at the moment by the filtration costs.
  
Have you made any calculations if geo-cooling makes sense in your region 
to fill in the hottest summer months or is drilling just too expensive 
for the return?


Pete

Re: rack power question

[Paul Vixie]

> Have you made any calculations if geo-cooling makes sense in your region to
> fill in the hottest summer months or is drilling just too expensive for the
> return?

i'm too close to san francisco bay.

Re: rack power question

[William Herrin]

On Tue, Mar 25, 2008 at 5:00 PM, Paul Vixie <[EMAIL PROTECTED]> wrote:
>
>  > Have you made any calculations if geo-cooling makes sense in your region to
>  > fill in the hottest summer months or is drilling just too expensive for the
>  > return?
>
>  i'm too close to san francisco bay.

Paul,

Why is that bad? I thought ground-source HVAC systems worked better if
the ground was saturated with water. Better thermal conductivity than
dry soil.

My problem finding someone to install a ground-source system was that
everyone for miles is on city water. You have to be able to drill a
hole in the ground and the folks familiar with well-drilling equipment
are three hours away.

Regards,
Bill Herrin



-- 
William D. Herrin  [EMAIL PROTECTED] [EMAIL PROTECTED]
3005 Crane Dr. .. Web: 
Falls Church, VA 22042-3004

Re: rack power question

[Paul Vixie]

> >  i'm too close to san francisco bay.
> 
> Why is that bad? I thought ground-source HVAC systems worked better if
> the ground was saturated with water. Better thermal conductivity than
> dry soil.

aside from the corrosive nature of the salt and other minerals, there is an
unbelievable maze of permits from various layers of government since there's
a protected marshland as well as habitat restoration within a few miles.  i
think it's safe to say that Sun Quentin could not be built under current
rules.

> My problem finding someone to install a ground-source system was that
> everyone for miles is on city water. You have to be able to drill a
> hole in the ground and the folks familiar with well-drilling equipment
> are three hours away.

i could drill in the warehouse, i suppose, and truck the slurry out by night.

Re: 10GE router resource

[Robert Boyle]

At 09:44 PM 3/25/2008, you wrote:
On Tue, Mar 25, 2008 at 1:59 PM, Chris Grundemann 
<[EMAIL PROTECTED]> wrote:

> Greg has laid out a great bit of information and I would like to add just
> one possibility to the list of budget 10GE routers: Vyatta.  According to a
> recent press release from that company
> (http://www.vyatta.com/about/pressreleases.php?id=51) they offer a product
> that is "2 to 3X higher performance at a cost savings of more than 75
> percent" when compared to Cisco's 7200.  Unfortunately I have not had the

when did the 7200 go 10ge?


Shh... It's a secret and hasn't been released yet. We have have a few 
NPE-40Gs with four 10G XFP interfaces. ;) Nah... I'm just wishing...


-Robert


Tellurian Networks - Global Hosting Solutions Since 1995
http://www.tellurian.com | 888-TELLURIAN | 973-300-9211
"Well done is better than well said." - Benjamin Franklin

Re: rack power question

[Petri Helenius]

Paul Vixie wrote:


aside from the corrosive nature of the salt and other minerals, there is an
unbelievable maze of permits from various layers of government since there's
a protected marshland as well as habitat restoration within a few miles.  i
think it's safe to say that Sun Quentin could not be built under current
rules.
  
The ones I have are MDPE (Medium Density Polyethylene) and I haven't 
understood that the plastic would have corrosive features. Obviously it 
can come down to regulation depending on what you use as a cooling agent 
but water is very effective if there is no fear of freezing (I use 
ethanol for that reason). The whole system is closed circuit, I'm not 
pumping water out of the ground but circulating the ethanol in the 
vertical ground piping of approximately 360 meters. The amount of slurry 
that came out of the hole was in order of 5-6 cubic meters. Cannot 
remember exactly what the individual parts cost but the total investment 
was less than $10k. (drilling, piping, circulation, air chiller, fluids, 
etc.) for a system with somewhat over 4kW of cooling capacity. (I'm 
limited by the airflow, not by the ground hole if the calculations prove 
correct)


Pete