Hello,
On Thu, 23 Nov 2000, ratz wrote:
> > > How big are the packets?
> >
> > It is testLVS, that means you send only syn-packets, and the server
> > rejects them.
>
> Julian, does tcp_max_syn_backlog with enabled tcp_syncookies have any
> impact on the timeout_synack or are they handled differently?
Yes, it seems there is one trick here. If you enable the rp_filter
for the indev in the real server the packets with saddr from the rejected
network are treated as source martians. But with rp_filter=0 route -Cn
shows that an incoming route is created in the routing cache, so it seems
this packet reaches the inqueue. This can be a good reason for the syn backlog
to overflow. So, the recommendation is: don't enable the SYN cookies in
this test, of course, if you don't want to test the SYN cookies support.
And rp_filter=1 can help to drop the packets faster. Then you don't need
to alter any tcp settings.
So,
{all,eth0}/rp_filter=1
or
rp_filter=0 => tcp_syncookies=0
> Best regards,
> Roberto Nibali, ratz
Regards
--
Julian Anastasov <ja@xxxxxx>
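
The two combinations recommended in the message above, expressed as a check that can be run on a real server. This is an added example, not part of the original mail; the function name and the optional PROC_ROOT argument are assumptions of the example, and only rp_filter value 1 is counted as enabled because that is the value the message discusses.

```shell
#!/bin/sh
# Added example: audit a real server against the settings recommended above:
#   {all,IFACE}/rp_filter=1
# or
#   rp_filter=0 => tcp_syncookies=0
#
# check_testlvs_settings IFACE [PROC_ROOT]
#   PROC_ROOT defaults to /proc/sys/net/ipv4; it is a parameter only so the
#   check can be pointed at a constructed directory tree.
# Returns 0 if one of the two combinations holds, 1 if neither does,
# 2 if a value cannot be read (for example, an unknown interface).
check_testlvs_settings() {
    iface=$1
    root=${2:-/proc/sys/net/ipv4}

    rp_all=$(cat "$root/conf/all/rp_filter" 2>/dev/null) || return 2
    rp_if=$(cat "$root/conf/$iface/rp_filter" 2>/dev/null) || return 2
    cookies=$(cat "$root/tcp_syncookies" 2>/dev/null) || return 2

    # Combination 1: rp_filter=1 on both "all" and the incoming device.
    # Spoofed sources are dropped as martians, so no TCP setting needs changing.
    if [ "$rp_all" = 1 ] && [ "$rp_if" = 1 ]; then
        echo "ok: rp_filter=1 on all and $iface (tcp_syncookies=$cookies)"
        return 0
    fi

    # Combination 2: rp_filter is not enabled on both, so the SYNs reach the
    # input queue; in that case SYN cookies should be off for this test.
    if [ "$cookies" = 0 ]; then
        echo "ok: rp_filter all=$rp_all $iface=$rp_if, tcp_syncookies=0"
        return 0
    fi

    echo "mismatch: rp_filter all=$rp_all $iface=$rp_if with tcp_syncookies=$cookies"
    return 1
}

# Run directly as: sh check.sh eth0
if [ $# -gt 0 ]; then
    check_testlvs_settings "$@"
fi
```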