Re: SYN floods and LVS-NAT CPU Load

To:	Fabrice <fabrice@xxxxxxxxxx>
Subject:	Re: SYN floods and LVS-NAT CPU Load
Cc:	<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
From:	Julian Anastasov <ja@xxxxxx>
Date:	Tue, 11 Dec 2001 02:30:33 +0000 (GMT)

        Hello,

On Mon, 10 Dec 2001, Fabrice wrote:

> For example, you mean that you can put 25 "60 bytes SYN packets"
> into one Ethernet frame? So you have about 8000*25 = 200'000 SYN
> packets/s? Are you sure? :)

        No, the packets don't have fixed length. With a maximal
rate according to the standard (10/100/1000) you can send small
number of big packets or many small packets.

> I have only 1 client (PIII 500, 128MB RAM), but I can't send more than
> about 2000 SYN packets/s, with peaks at 8000 (reported on the director
> by show_traffic.sh).

        This is too low traffic

> Can the syncookie mechanism "slow down" the connection reception
> rate?

        You better to use ipchains -j DENY rules in the real
server(s). Better not to hit the routing or even the sockets.

> Fabrice Bucher

Regards

--
Julian Anastasov <ja@xxxxxx>

<Prev in Thread]	Current Thread	[Next in Thread>
SYN floods and LVS-NAT CPU Load, Fabrice Re: SYN floods and LVS-NAT CPU Load, Julian Anastasov Re: SYN floods and LVS-NAT CPU Load, Fabrice Re: SYN floods and LVS-NAT CPU Load, Radu-Adrian Feurdean Re: SYN floods and LVS-NAT CPU Load, Julian Anastasov <= Re: SYN floods and LVS-NAT CPU Load, Fabrice Re: SYN floods and LVS-NAT CPU Load, Fabrice Re: SYN floods and LVS-NAT CPU Load, Julian Anastasov Re: SYN floods and LVS-NAT CPU Load, Radu-Adrian Feurdean Re: SYN floods and LVS-NAT CPU Load, Radu-Adrian Feurdean

Previous by Date:	Re: newbie question, Adam Seymour
Next by Date:	Re: SYN floods and LVS-NAT CPU Load, Fabrice
Previous by Thread:	Re: SYN floods and LVS-NAT CPU Load, Radu-Adrian Feurdean
Next by Thread:	Re: SYN floods and LVS-NAT CPU Load, Fabrice
Indexes:	[Date] [Thread] [Top] [All Lists]