From: William Dauchy <william@gandi.net>
To: William Dauchy <william@gandi.net>
Cc: Ahmed Amamou <ahmed@gandi.net>, Kamel Haddadou <kamel@gandi.net>,
Wei Liu <wei.liu2@citrix.com>,
Ian Campbell <Ian.Campbell@citrix.com>,
xen-devel <xen-devel@lists.xen.org>
Subject: Re: [PATCH v2] xen-netback: add a pseudo pps rate limit
Date: Tue, 2 Jul 2013 16:38:44 +0200 [thread overview]
Message-ID: <20130702143844.GF30876@gandi.net> (raw)
In-Reply-To: <20130624152215.GA7566@gandi.net>
[-- Attachment #1.1: Type: text/plain, Size: 1236 bytes --]
On Jun24 17:22, William Dauchy wrote:
> VM traffic is already limited by a throughput limit, but there is no
> control over the maximum packet per second (PPS).
> In DDOS attack the major issue is rather PPS than throughput.
> With provider offering more bandwidth to VMs, it becames easy to
> coordinate a massive attack using VMs. Example: 100Mbits ~ 200kpps using
> 64B packets.
> This patch provides a new option to limit VMs maximum packets per second
> emission rate.
> It follows the same credits logic used for throughput shaping. For the
> moment we have considered each "txreq" as a packet.
> PPS limits is passed to VIF at connection time via xenstore.
> PPS credit uses the same usecond period used by rate shaping check.
>
> known limitations:
> - by using the same usecond period, PPS shaping depends on throughput
> shaping.
> - it is not always true that a "txreq" correspond to a paquet
> (fragmentation cases) but as this shaping is meant to avoid DDOS
> (small paquets) such an pproximation should not impact the results.
> - Some help on burst handling will be appreciated.
>
> v2:
> - fixing some typo
any chance to get it accepted? some other comments?
Regards,
--
William
[-- Attachment #1.2: Digital signature --]
[-- Type: application/pgp-signature, Size: 198 bytes --]
[-- Attachment #2: Type: text/plain, Size: 126 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
next prev parent reply other threads:[~2013-07-02 14:38 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-06-24 15:22 [PATCH v2] xen-netback: add a pseudo pps rate limit William Dauchy
2013-07-02 14:38 ` William Dauchy [this message]
2013-07-02 14:59 ` Ian Campbell
2013-07-09 11:59 ` Ahmed AMAMOU
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130702143844.GF30876@gandi.net \
--to=william@gandi.net \
--cc=Ian.Campbell@citrix.com \
--cc=ahmed@gandi.net \
--cc=kamel@gandi.net \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.