[nycbug-talk] Some DoS benchmarking

pete wright nomadlogic
Sat Mar 19 01:09:58 EST 2005

> As you can see down the line I eventually wrangled some decent hardware
> and it performed great.  I'm a bit stuck as far as getting the *senders*
> to generate more than 130,000 pps and 65Mb/s.  At one point I had one dual
> 2.8 Xeon, one dual 2.0 Xeon and one dual 1.0 PIII box hitting it.  The
> receiving box was totally responsive (running 4.11, BTW) and was only
> spending about 8% of the CPU servicing interrupts, and that's WITHOUT
> polling enabled in the kernel.  Pretty impressive.  I'm wondering if my
> little backend switch (I used the internal network for this) is the
> bottleneck?
> Thoughts?  Observations?  Hints on tuning polling (Hz value) if this were
> a real-world DDoS and I wanted to make sure I'm not wasting cycles
> processing garbage?

this looks pretty interesting.  it may be worth checking out the
freebsd archives (smp maybe?) to see what Robert Watson has to say
about interrupts in the 5.x branch.  shoot, there may even be a test
case in those archives.  i'll try to check that out tonight if i have
time before my shift ends.  as an aside, the bsd sysstat/systat(1)
utility has an ability to report interrupts (systat -vmstat).  may be
interesting to run that during a test...


Pete Wright
NYC's *BSD User Group

