From mboxrd@z Thu Jan 1 00:00:00 1970
From: Sebastian Moeller
To: Rich Brown
Cc: bloat
Date: Tue, 6 Oct 2020 15:11:22 +0200
Subject: Re: [Bloat] netperf server news
Message-Id: <5EF26C9A-EAE6-4B0A-A489-D192438868D4@gmx.de>
In-Reply-To: <2F8AA6E5-93F7-4FB2-A57F-10F7642F3092@gmail.com>
References: <2F8AA6E5-93F7-4FB2-A57F-10F7642F3092@gmail.com>
List-Id: General list for discussing Bufferbloat

Dear Rich,

first, thanks for supplying that service.

> On Oct 6, 2020, at 12:52, Rich Brown wrote:
>
> To the Bloat list,
>
> I had some time, so I looked into what it might take to keep the netperf.bufferbloat.net server on-line in the face of an unwitting "DDoS" attack - automated scripts that run tests every 5 minutes 24x7. The problem was that these tests would blow through my 4TB/month bandwidth allocation in a few days.
>
> In the past, I had been irregularly running a set of scripts to count incoming netperf connections and blacklist (in iptables) those whose counts were too high.
> This wasn't good enough: it wasn't keeping up with the tidal wave of connections.
>
> Last week, I revised those scripts to work as a cron job. The current parameters are: run the script every hour; process the last two days' of kern.log files; look for > 500 connections; drop those addresses in iptables.
>
> There are currently 479 addresses blacklisted in iptables (that explains why the bandwidth was being consumed so quickly). There are only a few new addresses being added per day, so it seems that we have flushed out most of the abusers.
>
> My questions for this august group:
>
> 1) The server at netperf.bufferbloat.net is up and running. I get full rate speed from my 7mbps DSL circuit, but that's not much of a test. I would be interested to hear your results.

From work:

bash-3.2$ ./betterspeedtest.sh
2020-10-06 14:46:19 Testing against netperf.bufferbloat.net (ipv4) with 5 simultaneous sessions while pinging gstatic.com (60 seconds in each direction)
.
 Download:  Mbps
  Latency: (in msec, 1 pings, 0.00% packet loss)
      Min: 6.868
    10pct: 0.000
   Median: 0.000
      Avg: 6.868
    90pct: 0.000
      Max: 6.868
.............................................................
   Upload: 309.67 Mbps
  Latency: (in msec, 61 pings, 0.00% packet loss)
      Min: 6.644
    10pct: 6.730
   Median: 7.289
      Avg: 7.385
    90pct: 7.941
      Max: 9.980
Press any key to continue...

bash-3.2$ ./betterspeedtest.sh
2020-10-06 14:49:33 Testing against netperf.bufferbloat.net (ipv4) with 5 simultaneous sessions while pinging gstatic.com (60 seconds in each direction)
................................................................................
 Download: 0 Mbps
  Latency: (in msec, 80 pings, 0.00% packet loss)
      Min: 6.583
    10pct: 6.637
   Median: 6.674
      Avg: 6.694
    90pct: 6.743
      Max: 7.204
................................................................................
   Upload: 0 Mbps
  Latency: (in msec, 80 pings, 0.00% packet loss)
      Min: 6.555
    10pct: 6.622
   Median: 6.667
      Avg: 6.687
    90pct: 6.742
      Max: 7.218
Press any key to continue...

So there seems to be an issue with the Download test, from home I currently get 0/0 for both Upload/download.... Maybe I just made it on the block list (not that I remember trying to reach that server in the last weeks at all).

Running flent's rrul_cs8 manually against netperf.bufferbloat.net gave me around 80/25 which seems believable.

>
> 2) The current threshold comes from this estimate: most speed tests use 10 connections: 5 connections up and 5 down. So 500 connections would permit about 50 tests over the course of two days. Is that enough for "real research"? (If you need more, I can add your address to my whitelist file...)

I think 50 tests is quite generous, that is more than one test every hour for two days ;)

>
> 3) I would be pleased to get comments on the set of scripts. I'm a newbie at iptables, so it wouldn't hurt to have someone else check the rules I devised. See the README at https://github.com/richb-hanover/netperfclean

Outside of my area of expertise....

Best Regards
	Sebastian

>
> Thanks.
>
> Rich
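
The hourly job described in the quoted post (count connections per source address in kern.log, drop sources with more than 500, skip whitelisted addresses), sketched as an added example; it is not code from this thread or from the netperfclean repository. The LOG prefix "netperf-conn: ", the function names and the log lines are constructed assumptions, and the caller is expected to feed in only the last two days of log files.

```python
import ipaddress
import re
from collections import Counter

LOG_PREFIX = "netperf-conn: "  # assumed --log-prefix of the iptables LOG rule
THRESHOLD = 500                # from the post: more than 500 connections
SRC_RE = re.compile(r"\bSRC=(\S+)")

def count_sources(lines, prefix=LOG_PREFIX):
    """Count logged connections per validated source address."""
    counts = Counter()
    for line in lines:
        m = SRC_RE.search(line) if prefix in line else None
        if not m:
            continue
        try:
            counts[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            pass  # malformed address: never let it reach a firewall rule
    return counts

def offenders(counts, whitelist=(), threshold=THRESHOLD):
    """Addresses strictly above the threshold and outside every whitelisted net."""
    nets = [ipaddress.ip_network(w, strict=False) for w in whitelist]
    hits = [a for a, n in counts.items()
            if n > threshold
            and not any(a.version == net.version and a in net for net in nets)]
    return sorted(hits, key=lambda a: (a.version, a))

def drop_rules(addrs):
    """Render one DROP rule per address, picking the tool by address family."""
    return [f"{'ip6tables' if a.version == 6 else 'iptables'} -I INPUT -s {a} -j DROP"
            for a in addrs]

def sample_log():
    """Constructed kern.log lines (documentation address ranges only)."""
    def line(src, prefix=LOG_PREFIX):
        return (f"Oct  6 08:00:00 host kernel: [1.0] {prefix}IN=eth0 OUT= "
                f"SRC={src} DST=198.51.100.1 PROTO=TCP SPT=40000 DPT=12865 SYN")
    return ([line("203.0.113.7")] * 501       # one over the limit
            + [line("198.51.100.20")] * 500   # exactly at the limit
            + [line("192.0.2.55")] * 800      # heavy but whitelisted
            + [line("2001:db8::5")] * 600     # IPv6 source
            + [line("203.0.113.99", "other: ")] * 600  # different LOG rule
            + [line("not-an-ip")])

if __name__ == "__main__":
    blocked = offenders(count_sources(sample_log()), whitelist=["192.0.2.0/24"])
    print("\n".join(drop_rules(blocked)))
```

Because the whitelist is checked before any rule is rendered, a researcher's address added there is never dropped, however many tests it runs.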