From mboxrd@z Thu Jan  1 00:00:00 1970
From: William Dauchy <william@gandi.net>
Subject: Re: [PATCH v2] xen-netback: add a pseudo pps rate limit
Date: Tue, 2 Jul 2013 16:38:44 +0200
Message-ID: <20130702143844.GF30876@gandi.net>
References: <20130624152215.GA7566@gandi.net>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="===============3911034896068556264=="
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <20130624152215.GA7566@gandi.net>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: William Dauchy <william@gandi.net>
Cc: Ahmed Amamou <ahmed@gandi.net>, Kamel Haddadou <kamel@gandi.net>, Wei Liu <wei.liu2@citrix.com>, Ian Campbell <Ian.Campbell@citrix.com>, xen-devel <xen-devel@lists.xen.org>
List-Id: xen-devel@lists.xenproject.org


--===============3911034896068556264==
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="pyE8wggRBhVBcj8z"
Content-Disposition: inline


--pyE8wggRBhVBcj8z
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Jun24 17:22, William Dauchy wrote:
> VM traffic is already limited by a throughput limit, but there is no
> control over the maximum packet per second (PPS).
> In DDOS attack the major issue is rather PPS than throughput.
> With provider offering more bandwidth to VMs, it becames easy to
> coordinate a massive attack using VMs. Example: 100Mbits ~ 200kpps using
> 64B packets.
> This patch provides a new option to limit VMs maximum packets per second
> emission rate.
> It follows the same credits logic used for throughput shaping. For the
> moment we have considered each "txreq" as a packet.
> PPS limits is passed to VIF at connection time via xenstore.
> PPS credit uses the same usecond period used by rate shaping check.
>=20
> known limitations:
> - by using the same usecond period, PPS shaping depends on throughput
>   shaping.
> - it is not always true that a "txreq" correspond to a paquet
>   (fragmentation cases) but as this shaping is meant to avoid DDOS
>   (small paquets) such an pproximation should not impact the results.
> - Some help on burst handling will be appreciated.
>=20
> v2:
> - fixing some typo

any chance to get it accepted? some other comments?

Regards,
--=20
William

--pyE8wggRBhVBcj8z
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlHS5fQACgkQ1I6eqOUidQEmKACfa1nUKEYk7MDrXfR0C4VEDJbz
GHIAoK0fwXPcdTLxFUJKC/cSR8tWLKpp
=qfZ7
-----END PGP SIGNATURE-----

--pyE8wggRBhVBcj8z--


--===============3911034896068556264==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

--===============3911034896068556264==--