On 15/02/07, Justin Robertson <[EMAIL PROTECTED]> wrote:
This is definitely worst-case, it's simulating a DDoS attack at the
network. What is really surprising is that just 1mbps of traffic is able
to kill a 6.x box doing routing. If it were, say, 600mbps that I'd
understand as you're pushing o
Sack was never enabled, the packets in the flood had sack set.
rtmaxcache was default, what made you think I had changed it? I was not
running SMP, as I explained.
Moreover, suggestions to do ether.ipfw result in terrible performance,
etc. A 4.11 bridge and 4.11 router in series move all
Hi,
if you disable sack, what happens?
(sysctl net.inet.tcp.sack.enable=0)
(Are Memory and cpu OK?)
For route problem you can set this to a low value, for example 10
sysctl net.inet.ip.rtexpire: 10
See
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/securing-freebsd.html
Why
This is definitely worst-case, it's simulating a DDoS attack at the
network. What is really surprising is that just 1mbps of traffic is able
to kill a 6.x box doing routing. If it were, say, 600mbps that I'd
understand as you're pushing over a million PPS. But 1mbps? :-\
Freddie Cash wrote
On Thursday 15 February 2007 01:29 pm, Justin Robertson wrote:
> Send a flood of 60 byte syn packets with the tcp sack option thru
> it and check out what happens. It's pretty weird and I can't explain
> why. If you block the packets on the box via ipfw it's fine, the second
> it has to make a
Send a flood of 60 byte syn packets with the tcp sack option thru it
and check out what happens. It's pretty weird and I can't explain why.
If you block the packets on the box via ipfw it's fine, the second it
has to make a routing decision everything goes out the window, it seems.
There's
On Thursday 15 February 2007 11:43 am, Justin Robertson wrote:
> Playing with these sysctl values made 0 difference - what's supposed
> to happen???
>
> Another scary discovery - if you've got 6.2 setup to route, even with
> static routes, 1Mbps of TCP SYN traffic will cause it to start droppin
ling configuration:
kern.clockrate
kern.polling.burst_max
increase for high rate of small packets on GE
Alessandro
Date: Wed, 07 Feb 2007 01:37:00 -0800
From: Justin Robertson <[EMAIL PROTECTED]>
Subject: 6.x, 4.x ipfw/dummynet pf/altq - network performance issues
To: freebsd-pe
x
increase for high rate of small packets on GE
Alessandro
Date: Wed, 07 Feb 2007 01:37:00 -0800
From: Justin Robertson <[EMAIL PROTECTED]>
Subject: 6.x, 4.x ipfw/dummynet pf/altq - network performance issues
To: freebsd-performance@freebsd.org
Message-ID: <[EMAIL PROTECT
kern.polling.burst_max
increase for high rate of small packets on GE
Alessandro
> Date: Wed, 07 Feb 2007 01:37:00 -0800
> From: Justin Robertson <[EMAIL PROTECTED]>
> Subject: 6.x, 4.x ipfw/dummynet pf/altq - network performance issues
> To: freebsd-performance@freebsd.org
>
It was suggested I post this to freebsd-performance, it's already in
questions, isp, and net.
I've been running some tests with using FreeBSD to filter and rate limit
traffic. My first thoughts were to go to the latest stable release, which
was 6.1 at the time. I've since done the same test un