To: Kip Macy
Cc: Dag-Erling Smorgrav, Joao Carlos, stable@FreeBSD.ORG, questions@FreeBSD.ORG, security@FreeBSD.ORG, hitech@bahianet.com.br
Subject: Re: Out of mbuf clusters
From: Dag-Erling Smorgrav
Date: 21 Sep 1999 15:58:43 +0200
In-Reply-To: Kip Macy's message of "Mon, 20 Sep 1999 11:47:54 -0700 (PDT)"
Sender: owner-freebsd-stable@FreeBSD.ORG

Kip Macy writes:
> This is in no way a rant against FreeBSD, but rather a rant against the
> attitude that one needs to know about OS internals to run a lightweight
> server.

Calling what he did to that box "running a lightweight server" is a
very very wide stretch of imagination.

I haven't seen his CLONE program and therefore can't speak with 100%
assurance, but I've run similar experiments against my own servers, so
I think I'm entitled to make an educated guess about the behaviour of
CLONE. It simulates a worst-case scenario for an IRC server: open
hundreds of connections, log on, join a channel, but don't consume the
data the server sends. This fills up the server's send queues and
exhausts its mbuf pool. Memory consumption is a quadratic function of
the number of clones (linear if you just connect without joining a
channel).

The worst thing about CLONE is that it's neither a realistic
simulation of normal everyday IRC traffic (because real IRC clients
consume data almost as soon as it is sent, and therefore do not fill
up the server's send queues), nor of a typical attack against an IRC
server (because a properly-configured IRC server does not allow a
large number of connections from the same host, nor does it allow the
send queues to fill up, and is therefore practically immune to this
kind of attack).

This is what mbuf usage looks like on a real-world IRC server with
1800 clients:

root@irc ~# netstat -m
2859/9376 mbufs in use:
        947 mbufs allocated to data
        1912 mbufs allocated to packet headers
180/2466/8192 mbuf clusters in use (current/peak/max)
6104 Kbytes allocated to network (11% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines

DES
-- 
Dag-Erling Smorgrav - des@flood.ping.uio.no
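
An added example, not part of the original message: a small parser for the `netstat -m` layout quoted above that flags a cluster pool whose peak is near its limit and any non-zero denied, delayed or drain counters. The function names, the 0.8 peak threshold and the EXHAUSTED sample are assumptions constructed for illustration.

```python
import re

# Output quoted in the message above (the `netstat -m` layout it shows).
HEALTHY = """\
2859/9376 mbufs in use:
        947 mbufs allocated to data
        1912 mbufs allocated to packet headers
180/2466/8192 mbuf clusters in use (current/peak/max)
6104 Kbytes allocated to network (11% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines
"""

# Constructed sample (values invented): the same report with the pool exhausted.
EXHAUSTED = (HEALTHY
             .replace("180/2466/8192", "8192/8192/8192")
             .replace("0 requests for memory denied", "412 requests for memory denied"))

PATTERNS = {
    "mbufs": r"(\d+)/(\d+) mbufs in use",
    "clusters": r"(\d+)/(\d+)/(\d+) mbuf clusters in use",
    "denied": r"(\d+) requests for memory denied",
    "delayed": r"(\d+) requests for memory delayed",
    "drains": r"(\d+) calls to protocol drain routines",
}

def parse_netstat_m(text):
    """Return {name: tuple of ints} for each counter line that is present."""
    stats = {}
    for name, pattern in PATTERNS.items():
        m = re.search(pattern, text)
        if m:
            stats[name] = tuple(int(g) for g in m.groups())
    return stats

def assess(stats, peak_ratio=0.8):
    """List warnings; peak_ratio is an assumed alert threshold, not a FreeBSD default."""
    warnings = []
    if "clusters" in stats:
        current, peak, limit = stats["clusters"]
        if limit and peak / limit >= peak_ratio:
            warnings.append(f"cluster peak {peak}/{limit} near limit")
    for key in ("denied", "delayed", "drains"):
        if stats.get(key, (0,))[0] > 0:
            warnings.append(f"{key}: {stats[key][0]}")
    return warnings
```

Run against the figures in the message, `assess(parse_netstat_m(HEALTHY))` returns no warnings: the cluster peak of 2466 is well under the 8192 limit and nothing was denied.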