|
Hello,
I made some tests and have some questions (2.4.16 + LVS 0.9.7, ipvsadm 1.20).
Syn Floods:
===========
I was testing my LVS-NAT system against SYN floods with Julian's testlvs
program.
At the paragraph 12.14 from the LVS-HOWTO, they are talking about sending
80'000 or
110'000 SYN per seconds over a 100 Mbps Ethernet network.
Julian's setup: "My tests show that I can't see a visible difference. We
are talking
about 110,000 SYN packets/sec with 10 pseudo clients and same cpu idle
during
the tests (there is not enough client power in my setup for full test), 2
CPUx 866MHz,
2 100mbit internal i82557/i82558 NICs, switched hub".
I tought that FastEthernet was limited to about 8000 packets per seconds.
How is it possible,
even with 2 NICs, to reach 110'000 SYN packets per seconds? Is the testlvs
program run
directly on the LVS box?
How to bypass this limitation? Gigabit Ethernet cards/network?
LVS-NAT CPU Load:
=================
I saw many times that the LVS-NAT requires a lot more computing power than
DR and TUN,
but my Pentium 166 / 60MB RAM director seems to be able to handle quite
some traffic.
I couldn't test at 100Mbps (because I have only 2 P166 Real Servers) but
the load, even
during the "testlvs" load, was only going up to about 10% (System/Kernel
load).
Radu-Adrian's mail (about Tiscali's LVS) was saying that they mesured the
load and came
to a "formula" that looked like this (For PIII @ 866MHz):
CPU_Load[%] = 0.92 * Traffic[Mbps]
So for my 25Mbps traffic, that would mean a load of 23% for a PIII @
866MHz, I let you convert
that for a P166 :)
Were they using a 2.2 kernel, and is there such a difference in performance
between 2.2 and
2.4 kernels?
In the LVS-HOWTO, at the same paragraph as above (12.14), Julian says that
TUN and NAT
overhead is negligeable?
Thanks a lot for your answers :)
Fabrice Bucher
|
