[Bloat] Need help with netperf.bufferbloat.net server

[Bloat] Need help with netperf.bufferbloat.net server

[Rich Brown]

Hi folks,

This note was prompted by a question from the crusader github repo [1] where I wrote the following:

>> It seems to me that the server netperf.bufferbloat.net (also called netperf-east.bufferbloat.net) has been down for quite a while.
>
> Yes. I have been stymied by heavy abuse of the server. In addition to legitimate researchers or occasional users,
> I see people running a speed test every five minutes, 24x7.
>
> I created a bunch of scripts [2] to review the netperf server logs and use iptables to shut off people who abuse the server.
> Even with those scripts running, I have been unable to keep the traffic sent/received below the 4TB/month cap at my VPS.

Does anyone have thoughts about how to continue providing a netperf server at the name "netperf.bufferbloat.net" while not overwhelming any particular server? Many thanks.

Rich

[1] https://github.com/Zoxc/crusader/issues/14#issuecomment-2028273112
[2] https://github.com/richb-hanover/netperfclean

Re: [Bloat] Need help with netperf.bufferbloat.net server

[Jonathan Foulkes]

[-- Attachment #1: Type: text/plain, Size: 1786 bytes --]

Hi Rich,



Sure, here's what we did to protect our Netperf servers: Require a password to run netperf (it's a command line parameter on the client), and rotate the password regularly.



This means users will need to sign up for access, and get an email every time the password is rotated. That way you know who is using (or abusing) the services. If it is being abused, knock out the abuser from the list, and rotate the pwd.



Use different passwords for each server to have fine-grained access controls.


I hope that helps,


Jonathan Foulkes








---- On Sat, 30 Mar 2024 13:03:00 -0400 Rich Brown via Bloat <bloat@lists.bufferbloat.net> wrote ---



Hi folks,

This note was prompted by a question from the crusader github repo [1] where I wrote the following:

>> It seems to me that the server netperf.bufferbloat.net (also called netperf-east.bufferbloat.net) has been down for quite a while.
>
> Yes. I have been stymied by heavy abuse of the server. In addition to legitimate researchers or occasional users,
> I see people running a speed test every five minutes, 24x7.
>
> I created a bunch of scripts [2] to review the netperf server logs and use iptables to shut off people who abuse the server.
> Even with those scripts running, I have been unable to keep the traffic sent/received below the 4TB/month cap at my VPS.

Does anyone have thoughts about how to continue providing a netperf server at the name "netperf.bufferbloat.net" while not overwhelming any particular server? Many thanks.

Rich

[1] https://github.com/Zoxc/crusader/issues/14#issuecomment-2028273112
[2] https://github.com/richb-hanover/netperfclean
_______________________________________________
Bloat mailing list
mailto:Bloat@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/bloat

[-- Attachment #2: Type: text/html, Size: 3052 bytes --]

Re: [Bloat] Need help with netperf.bufferbloat.net server

[Frank Carmickle]

> On Mar 30, 2024, at 13:03, Rich Brown via Bloat <bloat@lists.bufferbloat.net> wrote:
> 
> Hi folks,
> 
> This note was prompted by a question from the crusader github repo [1] where I wrote the following:
> 
>>> It seems to me that the server netperf.bufferbloat.net (also called netperf-east.bufferbloat.net) has been down for quite a while.
>> 
>> Yes. I have been stymied by heavy abuse of the server. In addition to legitimate researchers or occasional users,
>> I see people running a speed test every five minutes, 24x7.
>> 
>> I created a bunch of scripts [2] to review the netperf server logs and use iptables to shut off people who abuse the server.
>> Even with those scripts running, I have been unable to keep the traffic sent/received below the 4TB/month cap at my VPS.
> 
> Does anyone have thoughts about how to continue providing a netperf server at the name "netperf.bufferbloat.net" while not overwhelming any particular server? Many thanks.

If you are looking to do some traffic steering, geodns is a great tool, if you are willing to either run your own authoritative DNS servers, or farm it out to a service that supports this, such as aws route53. I pretty busy right now, but I may have some time at some point to help spin up authoritative servers based on preferably knot, or pdns.

--FC

Re: [Bloat] Need help with netperf.bufferbloat.net server

[Rich Brown]

[-- Attachment #1: Type: text/plain, Size: 3392 bytes --]

I finally got around to implementing Jonathan Foulkes' suggestion and set up the `netserver` at netperf.bufferbloat.net to require a passphrase - `netserver -Z passphrase`

I have set up a daily passphrase change - people can get the current day's value at netperf.bufferbloat.net. I have a cron job that runs at 00:01 to kill all the `netserver` processes, regenerate a passphrase, and restart with the new passphrase. The web server substitutes that passphrase into the web page, so people can get a fresh copy every day. You can see the machinery at my repo: https://github.com/richb-hanover/Netperf-with-passphrase

I also updated the `betterspeedtest.sh` script to pass through a `-Z passphrase` option if it's specified. See 
https://github.com/richb-hanover/OpenWrtScripts/blob/master/betterspeedtest.sh

Hopefully, this will eliminate the problem I was having: blowing through my VPS traffic limit (4TBytes) in the first few days of the month... (It'll also be interesting to see how many people retrieve the passphrase each day...)

Comments and field reports (positive and negative) welcomed. Thanks

Rich

PS I wonder if it adding a `-Z` option to flent or other netperf cients would be useful

> On Mar 30, 2024, at 2:12 PM, Jonathan Foulkes <jf@jonathanfoulkes.com> wrote:
> 
> Hi Rich,
> 
> Sure, here's what we did to protect our Netperf servers: Require a password to run netperf (it's a command line parameter on the client), and rotate the password regularly.
> 
> This means users will need to sign up for access, and get an email every time the password is rotated. That way you know who is using (or abusing) the services. If it is being abused, knock out the abuser from the list, and rotate the pwd.
> 
> Use different passwords for each server to have fine-grained access controls.
> 
> I hope that helps,
> 
> Jonathan Foulkes
> 
> 
> 
> ---- On Sat, 30 Mar 2024 13:03:00 -0400 Rich Brown via Bloat <bloat@lists.bufferbloat.net> wrote ---
> 
> Hi folks,
> 
> This note was prompted by a question from the crusader github repo [1] where I wrote the following:
> 
> >> It seems to me that the server netperf.bufferbloat.net (also called netperf-east.bufferbloat.net) has been down for quite a while.
> >
> > Yes. I have been stymied by heavy abuse of the server. In addition to legitimate researchers or occasional users,
> > I see people running a speed test every five minutes, 24x7.
> >
> > I created a bunch of scripts [2] to review the netperf server logs and use iptables to shut off people who abuse the server.
> > Even with those scripts running, I have been unable to keep the traffic sent/received below the 4TB/month cap at my VPS.
> 
> Does anyone have thoughts about how to continue providing a netperf server at the name "netperf.bufferbloat.net" while not overwhelming any particular server? Many thanks.
> 
> Rich
> 
> [1] https://github.com/Zoxc/crusader/issues/14#issuecomment-2028273112 <https://github.com/Zoxc/crusader/issues/14#issuecomment-2028273112>
> [2] https://github.com/richb-hanover/netperfclean <https://github.com/richb-hanover/netperfclean>
> _______________________________________________
> Bloat mailing list
> Bloat@lists.bufferbloat.net <mailto:Bloat@lists.bufferbloat.net>
> https://lists.bufferbloat.net/listinfo/bloat <https://lists.bufferbloat.net/listinfo/bloat>
> 


[-- Attachment #2: Type: text/html, Size: 6218 bytes --]