
Re: SYN floods and LVS-NAT CPU Load

To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: SYN floods and LVS-NAT CPU Load
From: Radu-Adrian Feurdean <raf@xxxxxxxx>
Date: Mon, 10 Dec 2001 23:44:43 +0100 (CET)
Resent because of wrong "From" header

---------- Forwarded message ----------
Date: Mon, 10 Dec 2001 18:14:00 +0100
From: Radu-Adrian Feurdean <raf@xxxxxxxx>
To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: SYN floods and LVS-NAT CPU Load


On 2001.12.10 17:50 Fabrice wrote:
> Julian's setup: "My tests show that I can't see a visible difference. We are talking
> about 110,000 SYN packets/sec with 10 pseudo clients and same cpu idle during
> the tests (there is not enough client power in my setup for full test), 2 CPUx 866MHz,
> 2 100mbit internal i82557/i82558 NICs, switched hub".

100000000 bitspersec / 800 bitsperpacket = 125000 packetspersec

syn-only packets encapsulated in ethernet frames are smaller than 800
bits, and ethernet devices CAN get at full capacity (not very often,
but possible).

>
> I thought that FastEthernet was limited to about 8000 packets per seconds.
> How is it possible, even with 2 NICs, to reach 110'000 SYN packets per seconds?
> Is the testlvs program run directly on the LVS box?

the 8000 packets per second refers to full-length packets. It is not
the case with SYN packets.

> How to bypass this limitation? Gigabit Ethernet cards/network?

see above.

> I saw many times that the LVS-NAT requires a lot more computing power than DR and TUN,
> but my Pentium 166 / 60MB RAM director seems to be able to handle quite some traffic.
> I couldn't test at 100Mbps (because I have only 2 P166 Real Servers) but the load, even
> during the "testlvs" load, was only going up to about 10% (System/Kernel load).

Forwarded LVS/NAT traffic may be impressive given good network cards
and a machine doing only LVS/NAT forwarding. no filtering, no other
things.

>
> Radu-Adrian's mail (about Tiscali's LVS) was saying that they measured the load
> and came to a "formula" that looked like this (For PIII @ 866MHz):
>
>       CPU_Load[%] = 0.92 * Traffic[Mbps]

with not the best network cards, heavy packet filtering(with connection
tracking and masquerade) and occasionally traffic control active. And
an average packet size of 750 to 850 bytes.

>
> So for my 25Mbps traffic, that would mean a load of 23% for a PIII @ 866MHz,
> I let you convert that for a P166 :)

It will die instantly :)

> Were they using a 2.2 kernel, and is there such a difference in performance
> between 2.2 and 2.4 kernels?

2.4 kernel

>
> In the LVS-HOWTO, at the same paragraph as above (12.14), Julian says that
> TUN and NAT overhead is negligible?

nothing is negligible if it has to be done LOTS of times per second.
The above formula shows how some negligible things added together may
lead the machine to high processor usage :)

-- 
   Radu-Adrian Feurdean
mailto: raf (a) chez.com
----------------------------------------------------------
"The use of COBOL cripples the mind; its teaching should, therefore, be
regarded as a criminal offense." (Dijkstra)


