Re: Update: Alternate port randomization approaches
From: Maxim Konovalov (maxim_at_FreeBSD.org)
Date: 12/29/04
- Previous message: Mike Silbersack: "Update: Alternate port randomization approaches"
- In reply to: Mike Silbersack: "Update: Alternate port randomization approaches"
- Next in thread: Mike Silbersack: "Re: Update: Alternate port randomization approaches"
- Reply: Mike Silbersack: "Re: Update: Alternate port randomization approaches"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 29 Dec 2004 16:09:50 +0300 (MSK) To: Mike Silbersack <silby@silby.com>
On Wed, 29 Dec 2004, 03:02-0600, Mike Silbersack wrote:
> On Sat, 18 Dec 2004, Mike Silbersack wrote:
>
> > There have been a few reports by users of front end web proxies and other
> > systems under FreeBSD that port randomization causes them problems under
> > load. This seems to be due to a combination of port randomization and
> > rapid connections to the same host causing ports to be recycled before
> > the ISN has advanced past the end of the previous connection, thereby
> > causing the TIME_WAIT socket on the receiving end to ignore the new SYN.
>
> Based on testing done by Igor Sysoev, I've found that my original patch is
> insufficient; even as little as one randomizaion per second can cause problems
> for some users. As a result, I've created the attached patch (versions for
> both 6.x and 4.x are included). It implements a relatively simple algorithm:
> Port randomization is turned disable once the connection rate goes above 20
> connections per second, and it is not reenabled until the connection rate
> falls below 20 cps for 5 seconds straight.
>
> This appears to work for Igor, and it seems safe enough to commit before
> 4.11-RC2. But, if possible, I'd like a few more sets of eyes to doublecheck
> the concept and code; please take a look at it if you have a chance.
Again, it's not clear for me why we don't follow our usual
deveplopment cycle here: commit & test in HEAD and then MFC to STABLE?
-- Maxim Konovalov _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
- Previous message: Mike Silbersack: "Update: Alternate port randomization approaches"
- In reply to: Mike Silbersack: "Update: Alternate port randomization approaches"
- Next in thread: Mike Silbersack: "Re: Update: Alternate port randomization approaches"
- Reply: Mike Silbersack: "Re: Update: Alternate port randomization approaches"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
