This is definitely worst-case, it's simulating a DDoS attack at the
network. What is really surprising is that just 1mbps of traffic is able
to kill a 6.x box doing routing. If it were, say, 600mbps that I'd
understand as you're pushing over a million PPS. But 1mbps? :-\
Freddie Cash wrote
On Thursday 15 February 2007 01:29 pm, Justin Robertson wrote:
> Send a flood of 60 byte syn packets with the tcp sack option thru
> it and check out what happens. It's pretty weird and I can't explain
> why. If you block the packets on the box via ipfw it's fine, the second
> it has to make a
Send a flood of 60 byte syn packets with the tcp sack option thru it
and check out what happens. It's pretty weird and I can't explain why.
If you block the packets on the box via ipfw it's fine, the second it
has to make a routing decision everything goes out the window, it seems.
There's
On Thursday 15 February 2007 11:43 am, Justin Robertson wrote:
> Playing with these sysctl values made 0 difference - what's supposed
> to happen???
>
> Another scary discovery - if you've got 6.2 setup to route, even with
> static routes, 1Mbps of TCP SYN traffic will cause it to start droppin
Playing with these sysctl values made 0 difference - what's supposed
to happen???
Another scary discovery - if you've got 6.2 setup to route, even with
static routes, 1Mbps of TCP SYN traffic will cause it to start dropping
packets in every direction. Awesome. Methinks I'll be using 4.11 for
