[nycbug-talk] Some DoS benchmarking
Charles Sprickman
spork
Sat Mar 19 00:23:23 EST 2005
Hey all,

I don't know if anyone here reads the forums on DSLReports at all, but I
stop by there now and then mostly for their Mac forum and to vent
frustrations on the political boards. They have a unix forum, but it's
mostly linux noobs asking about "Dropline Gnome", "Ubuntu" and many other
things that make little sense to me.

Anyhow, the site was recently DDoS'd and the frontend box couldn't handle
it. Their upstream apparently was able to squash some of it so that it
wasn't a bandwidth DoS, but the Linux 2.4.? kernel was spending an
inordinate amount of time servicing interrupts from the network card.

This thread has the site owner/admin musing over how to improve it.
Needless to say the 3 BSD guys there didn't say "dude, drop linux and go
to BSD", but we did all do some testing. I'm "sporkme". That
"eatmeingreek" guy seems pretty clever... :)

As you can see down the line I eventually wrangled some decent hardware
and it performed great. I'm a bit stuck as far as getting the *senders*
to generate more than 130,000 pps and 65Mb/s. At one point I had one dual
2.8 Xeon, one dual 2.0 Xeon and one dual 1.0 PIII box hitting it. The
receiving box was totally responsive (running 4.11, BTW) and was only
spending about 8% of the CPU servicing interrupts, and that's WITHOUT
polling enabled in the kernel. Pretty impressive. I'm wondering if my
little backend switch (I used the internal network for this) is the
bottleneck?

Thoughts? Observations? Hints on tuning polling (Hz value) if this were
a real-world DDoS and I wanted to make sure I'm not wasting cycles
processing garbage?

http://www.dslreports.com/forum/remark,12920826

Thanks,

Charles
___
Charles Sprickman
NetEng/SysAdmin
Bway.net - New York's Best Internet - www.bway.net
spork at bway.net - 212.655.9344