Re: 6.x, 4.x ipfw/dummynet pf/altq - network performance issues




This is definitely worst-case, it's simulating a DDoS attack at the network. What is really surprising is that just 1mbps of traffic is able to kill a 6.x box doing routing. If it were, say, 600mbps that I'd understand as you're pushing over a million PPS. But 1mbps? :-\


Freddie Cash wrote:
> On Thursday 15 February 2007 01:29 pm, Justin Robertson wrote:
> > Send a flood of 60 byte syn packets with the tcp sack option thru
> > it and check out what happens. It's pretty weird and I can't explain
> > why. If you block the packets on the box via ipfw it's fine, the second
> > it has to make a routing decision everything goes out the window, it
> > seems. There's 100% packet loss on all protocols. I'm not using NAT,
> > there are real IPs in different C classes on the other side of the box.
>
> Is that something that would occur normally? Or is this a worst-case/stress-test trying to break things? How are you generating the packets?
>
> I'm not a network guru, and haven't done much in the way of network-related stress-testing, but I'm always looking for ways to do so.



--
Justin



_______________________________________________
freebsd-performance@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-performance