From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from CAN01-QB1-obe.outbound.protection.outlook.com (mail-eopbgr660100.outbound.protection.outlook.com [40.107.66.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id E072D3B29E for ; Tue, 6 Oct 2020 20:42:15 -0400 (EDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dnmHdTYVGzzInIoGAMhX1FZ5RInUq+RVoi4bM4rICWJSTi762GfZRmwINUYNJiCCOVj/YyLwh116gAI36yLZMKr7TOdr39wiQ3SbebC+IxgrwfZ2vtMAgb0ib1SbLp+ewFUiwpONy6flzzcfeThj4YUrR0sdjlZyDq1MR5YUl5QiQAz8xcIFgvwB6JvSiCEFLXlWPGktXR2sOkh6s2W3I5YkcHuhNLhpYrg6buj+WevEqtmTqGuR3nuJPP4DILC8lDjBEeX/FF/gJXm4c98MxlGjS5j9TbqBDv+950XD3x1Fk23/S812w/cwqar+GitOeiPor4lNChY6D9KUAKoMUg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=cK2YOuUy+G7QjgUxOzdVJaSG/gSNu7QkeN6TMtgAjRM=; b=M0l/wgusTw0btm7QoTIPYG64aARbIJj9n4vVlSV/ZOIPb5y8qj3a0a19NzSrJQsIKzvS0PeFZ8xR45TpkJP5NJqPcTHcyElpKz/Y7zw/NaCzEY0L9g2Wka9Ri1NMF2BnhC0J3jlIpdrTpcxHJF20qJn+XDi/yKm5FCJ8Y3yaCmXGfa92EDMeJnj5IWt3G+RKmCOA65Q56ZAXllX9zBTY2ZWtSO1h3Qh5+wZ9dQMdrEM2srd5iNLHuqvCihlV/to2quFk7TlzdCCHuNCOJaRJ1GBAwmm4iyd0HAZo0SCpvx6bX8416fWh3kfv9xv7mrvHxyT6brvfvdND0QpGqNAkYw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=indexexchange.com; dmarc=pass action=none header.from=indexexchange.com; dkim=pass header.d=indexexchange.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=indexexchange.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=cK2YOuUy+G7QjgUxOzdVJaSG/gSNu7QkeN6TMtgAjRM=; b=SFQY9kPZq27Wax/TFJoVrTvt6jzihMmMTljm8wZgrlBJqtZocDDrJnj0pgv3USh4SGDRw+TWgo1UtbFcnMtD6htWgcEjKPujO5/ROvVRM0wcrZOXWcrnG1pxYvzjJXQXldjdzmR+2iYAXZaWmnJ5rkPQrX3sAtz7h9mpEOJp/8s= Authentication-Results: indexexchange.com; dkim=none (message not signed) header.d=none;indexexchange.com; dmarc=none action=none header.from=indexexchange.com; Received: from YQXPR01MB3925.CANPRD01.PROD.OUTLOOK.COM (2603:10b6:c00:4e::18) by QB1PR01MB2516.CANPRD01.PROD.OUTLOOK.COM (2603:10b6:c00:38::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3433.34; Wed, 7 Oct 2020 00:42:14 +0000 Received: from YQXPR01MB3925.CANPRD01.PROD.OUTLOOK.COM ([fe80::b8d9:5502:588e:8143]) by YQXPR01MB3925.CANPRD01.PROD.OUTLOOK.COM ([fe80::b8d9:5502:588e:8143%7]) with mapi id 15.20.3433.045; Wed, 7 Oct 2020 00:42:14 +0000 Reply-To: dave.collier-brown@indexexchange.com To: bloat@lists.bufferbloat.net References: <2F8AA6E5-93F7-4FB2-A57F-10F7642F3092@gmail.com> From: Dave Collier-Brown Organization: Index Exchange Message-ID: <2ff7b07e-45b7-65df-11fa-6c3fdc6d32d5@indexexchange.com> Date: Tue, 6 Oct 2020 20:42:11 -0400 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.11.0 In-Reply-To: Content-Type: multipart/alternative; boundary="------------59C9B0BC5D5771E9DB4494CA" Content-Language: en-US X-Originating-IP: [99.240.238.19] X-ClientProxiedBy: MN2PR06CA0029.namprd06.prod.outlook.com (2603:10b6:208:23d::34) To YQXPR01MB3925.CANPRD01.PROD.OUTLOOK.COM (2603:10b6:c00:4e::18) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from [192.168.7.123] (99.240.238.19) by MN2PR06CA0029.namprd06.prod.outlook.com (2603:10b6:208:23d::34) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3433.38 via Frontend Transport; Wed, 7 Oct 2020 00:42:13 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: cab7e0ce-9c38-4f6e-adc8-08d86a59d56b X-MS-TrafficTypeDiagnostic: QB1PR01MB2516: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8273; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: XTDf0jH3/FlbhFuEANpfgEnrMTfGDurukYpUQjFelO6aFf8vW7ChzuRpIGCUzORE90R8L69iEp1+TswDzlqTHemcMryGJQyPzX9vyp2QjN9tybHEbF1YLb5mDZvcmE1rCV/GcGobJTzBWZpL15ZVSgNbFaCo64skg76p8omtFIdYs3UMNT6JSD4mbLcuEigTAcxPVOiax7233VAYSxZUEbrHnfEyNsAfTdCd1UyfI7y1hG+FhE7jWSbbt2ANqYVli1zLa1YFxSChmsr83VjE+vR7h/8uypjYSLcOX3JNWzVK6bw0PIrzvvVNEdusYuojtIPHFLAKvw9Oq27rVaJgmbTS90aBsF9KDx+GoW83pwSp/7Q7ILPFKw6Ic1hRxAOPlpqhN/dvhUrF1DDLWQv9AEUbSzZvXbDMzFXNGJ38CKNNNMNu1RvnAiiC96BeeQQZjau/Rkr/HwX/pL+ELR9Z4Q== X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:YQXPR01MB3925.CANPRD01.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(136003)(376002)(396003)(39850400004)(366004)(346002)(966005)(66556008)(5660300002)(2906002)(6916009)(8936002)(26005)(478600001)(36916002)(83380400001)(66476007)(86362001)(166002)(6486002)(66946007)(31686004)(2616005)(53546011)(956004)(52116002)(83080400001)(16576012)(31696002)(316002)(33964004)(16526019)(186003)(36756003)(8676002)(3450700001)(43740500002); DIR:OUT; SFP:1102; X-MS-Exchange-AntiSpam-MessageData: Tnna6lZeWTUCJIhDQLGNZfyLOix7l9BlNP4f2oDPTBR80/el5RnZPDfiLMzAqnl/QglYTTGPuZbaPvAIKWcStiXoCqIjszzK67xSw0OM1uaOAZf4gSb96eka/7NIsJ0e3SL7YxKo4gGdeLITCx8usTpD/A0tE1ag2V3A1n4XK5JYH4NJJ+LL4c7Ujy/P3I3oDC8QGlXiNknvs+MYria/JwWteOdM4fvhgBjO6wsAQPc7SxJu7e9IY8hgvCcMkzKV0ovdi2U5fMySlyk2CnDQfrNkatXV12tfrTydSFta33hvyCLuPgQwVy2YCj1wT9uTe6ojMLb+AhLMWWrtAPyvMAlarZjfo3Do2SO2w8hMdOJuZGPGnGiDr0IRBcWfKuOMi43Zuj5WbycBnfLwPNHC4s35TDmUxslXtTSVrZ/GLRm7nH8hu8bfk0LYteR5Z9p5vj1zon8aPrKSSKVfWT7z/gNax17/CWAwZVxrSaeYO2NpWX2ViUizGetoZYFxMI44SDRI+KIgjHv4g9A9B9E79gHwugXwzoHHK8V/kuiOvEK36EC1nBqcQnIj07Y9ZwmTUI3+7mxQ3oy/E5kjQdEI84jtwnREfVmw69FSPY3Ef8EtOfNglX5kxgoOLnoCe8WlNLR0hHqCHnLTKncsPNEQDg== X-OriginatorOrg: indexexchange.com X-MS-Exchange-CrossTenant-Network-Message-Id: cab7e0ce-9c38-4f6e-adc8-08d86a59d56b X-MS-Exchange-CrossTenant-AuthSource: YQXPR01MB3925.CANPRD01.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Oct 2020 00:42:14.2909 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: b07c0690-22b8-4366-8d8d-7b845d088e18 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: /ssFuRuGEnmFiyCf3jq6cJqtE8aQS2X4adIeX6oZMNvYd8zzloZee13LImT0WKO2BbOpJdWKJ/1PTjJFL9cXUrere0V2svrdrDvSp1/HIJn8lHJ59NbT1/V5gM+DB50H X-MS-Exchange-Transport-CrossTenantHeadersStamped: QB1PR01MB2516 Subject: Re: [Bloat] netperf server news X-BeenThere: bloat@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: General list for discussing Bufferbloat List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Oct 2020 00:42:16 -0000 --------------59C9B0BC5D5771E9DB4494CA Content-Type: text/plain; charset="utf-8"; format=flowed Content-Transfer-Encoding: quoted-printable Number? One or two that were complete and successful. Maybe five unsuccessful trie= s. More of a sequence than a time-period: u{1-5}s{1-2} --daev On 2020-10-06 4:40 p.m., Rich Brown wrote: Thanks for the feedback. Some responses: 1) I'm glad that people are seeing reasonable speeds from the VPS. (I don't= know what I can do to make it go faster, so I'm relieved...) 2) I don't think I posed the right question for the number-of-tests thresho= ld. (Most of the responses were like, "Sure, that sounds like enough..." Le= t me reframe the question: In your normal testing/troubleshooting process, what is the maximum= number of tests YOU might need to run in any two-day period? 3) If you can't get through to netperf.bufferbloat.net, send me your IP add= ress because it might have been blacklisted. Thanks! Rich On Oct 6, 2020, at 6:52 AM, Rich Brown wrote: To the Bloat list, I had some time, so I looked into what it might take to keep the netperf.bu= fferbloat.net server on-line in the face of an unwitting "DDoS" attack - au= tomated scripts that run tests every 5 minutes 24x7. The problem was that t= hese tests would blow through my 4TB/month bandwidth allocation in a few da= ys. In the past, I had been irregularly running a set of scripts to count incom= ing netperf connections and blacklist (in iptables) those whose counts were= too high. This wasn't good enough: it wasn't keeping up with the tidal wav= e of connections. Last week, I revised those scripts to work as a cron job. The current param= eters are: run the script every hour; process the last two days' of kern.lo= g files; look for > 500 connections; drop those addresses in iptables. There are currently 479 addresses blacklisted in iptables (that explains wh= y the bandwidth was being consumed so quickly). There are only a few new ad= dresses being added per day, so it seems that we have flushed out most of t= he abusers. My questions for this august group: 1) The server at netperf.bufferbloat.net is up and running. I get full rate= speed from my 7mbps DSL circuit, but that's not much of a test. I would be= interested to hear your results. 2) The current threshold comes from this estimate: most speed tests use 10 = connections: 5 connections up and 5 down. So 500 connections would permit a= bout 50 tests over the course of two days. Is that enough for "real researc= h"? (If you need more, I can add your address to my whitelist file...) 3) I would be pleased to get comments on the set of scripts. I'm a newbie a= t iptables, so it wouldn't hurt to have someone else check the rules I devi= sed. See the README at https://github.com/richb-hanover/netperfclean Thanks. Rich _______________________________________________ Bloat mailing list Bloat@lists.bufferbloat.net https://lists.bufferbloat.net/listinfo/bloat -- David Collier-Brown, | Always do right. This will gratify System Programmer and Author | some people and astonish the rest dave.collier-brown@indexexchange.com | -- Mark Twain CONFIDENTIALITY NOTICE AND DISCLAIMER : This telecommunication, including a= ny and all attachments, contains confidential information intended only for= the person(s) to whom it is addressed. Any dissemination, distribution, co= pying or disclosure is strictly prohibited and is not a waiver of confident= iality. If you have received this telecommunication in error, please notify= the sender immediately by return electronic mail and delete the message fr= om your inbox and deleted items folders. This telecommunication does not co= nstitute an express or implied agreement to conduct transactions by electro= nic means, nor does it constitute a contract offer, a contract amendment or= an acceptance of a contract offer. Contract terms contained in this teleco= mmunication are subject to legal review and the completion of formal docume= ntation and are not binding until same is confirmed in writing and has been= signed by an authorized signatory. --------------59C9B0BC5D5771E9DB4494CA Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable

Number?

One or two that were complete and successful.  Maybe five unsuccess= ful tries.

More of a sequence than a time-period: u{1-5}s{1-2}

--daev


On 2020-10-06 4:40 p.m., Rich Brown wrote: 
Thanks for the feedback. Some respon=
ses:

1) I'm glad that people are seeing reasonable speeds from the VPS. (I don't=
 know what I can do to make it go faster, so I'm relieved...)

2) I don't think I posed the right question for the number-of-tests thresho=
ld. (Most of the responses were like, "Sure, that sounds like enough..=
." Let me reframe the question:=20

	In your normal testing/troubleshooting process, what is the maximum number=
 of tests YOU might need to run in any two-day period?

3) If you can't get through to netperf.bufferbloat.net, send me your IP add=
ress because it might have been blacklisted.

Thanks!

Rich



On Oct 6, 2020, at 6:52 AM, Rich Bro=
wn <richb.hanover@gmail.com> wrote:

To the Bloat list,

I had some time, so I looked into what it might take to keep the netperf.bu=
fferbloat.net server on-line in the face of an unwitting "DDoS" a=
ttack - automated scripts that run tests every 5 minutes 24x7. The problem =
was that these tests would blow through my 4TB/month bandwidth allocation i=
n a few days.

In the past, I had been irregularly running a set of scripts to count incom=
ing netperf connections and blacklist (in iptables) those whose counts were=
 too high. This wasn't good enough: it wasn't keeping up with the tidal wav=
e of connections.

Last week, I revised those scripts to work as a cron job. The current param=
eters are: run the script every hour; process the last two days' of kern.lo=
g files; look for > 500 connections; drop those addresses in iptables.

There are currently 479 addresses blacklisted in iptables (that explains wh=
y the bandwidth was being consumed so quickly). There are only a few new ad=
dresses being added per day, so it seems that we have flushed out most of t=
he abusers.

My questions for this august group:

1) The server at netperf.bufferbloat.net is up and running. I get full rate=
 speed from my 7mbps DSL circuit, but that's not much of a test. I would be=
 interested to hear your results.

2) The current threshold comes from this estimate: most speed tests use 10 =
connections: 5 connections up and 5 down. So 500 connections would permit a=
bout 50 tests over the course of two days. Is that enough for "real re=
search"? (If you need more, I can add your address to my whitelist fil=
e...)

3) I would be pleased to get comments on the set of scripts. I'm a newbie a=
t iptables, so it wouldn't hurt to have someone else check the rules I devi=
sed. See the README at https://github.com/richb-hanover/netp=
erfclean

Thanks.

Rich


_______________________________________________
Bloat mailing list
Bloat@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/bloat

--=20
David Collier-Brown,         | Always do right. This will gratify
System Programmer and Author | some people and astonish the rest
dave.collier-brown@indexexchange.com |              -- =
Mark Twain

CONFIDENTIALITY NOTICE AND D= ISCLAIMER : T= his telecommunication, including any and all attachments, contains confiden= tial information intended only for the person(s) to whom it is addressed. Any dissemination, distribution, copying or discl= osure is strictly prohibited and is not a waiver of confidentiality. If you= have received this telecommunication in error, please notify the sender im= mediately by return electronic mail and delete the message from your inbox and deleted items folders. This tel= ecommunication does not constitute an express or implied agreement to condu= ct transactions by electronic means, nor does it constitute a contract offe= r, a contract amendment or an acceptance of a contract offer. Contract terms contained in this telecommunication ar= e subject to legal review and the completion of formal documentation and ar= e not binding until same is confirmed in writing and has been signed by an = authorized signatory.

--------------59C9B0BC5D5771E9DB4494CA--