From: Sebastian Moeller
Date: Tue, 3 Sep 2019 17:22:39 +0200
To: Dave Täht
Cc: Mikael Abrahamsson, cerowrt-devel, bloat
Subject: Re: [Bloat] [Cerowrt-devel] talking at linux plumbers in portugal next week
Message-Id: <81C16404-35EA-4686-A18B-C533A6A02546@gmx.de>

Not sure this is on-topic, but:

https://www.prnewswire.com/news-releases/root-cause-analysis-and-incident-report-on-the-august-ddos-attack-300905405.html
https://lists.gt.net/nanog/users/206044

> On Sep 3, 2019, at 16:21, Dave Taht wrote:
>
> On Tue, Sep 3, 2019 at 5:23 AM Mikael Abrahamsson wrote:
>>
>> On Mon, 2 Sep 2019, Dave Taht wrote:
>>
>>> with copy-pasted parameters set in the 90s - openwrt's default, last I
>>> looked, was 25/sec.
>>
>> -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
>> -A syn_flood -m comment --comment "!fw3" -j DROP
>>
>> Well, it's got a burst-size of 50. I agree that this is quite
>> conservative.
>>
>> However, at least in my home we're not seeing drops:
>>
>> # iptables -nvL | grep -A 4 "Chain syn_flood"
>> Chain syn_flood (1 references)
>>  pkts bytes target     prot opt in     out     source               destination
>>  2296  113K RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x02 limit: avg 25/sec burst 50 /* !fw3 */
>>     0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* !fw3 */
>>
>> But you might be right that in places with a lot more clients than this
>> might indeed cause problems.
>
> Well, *I* long ago had upped those params by 10x and don't see syn
> drops either on my backbone. But I rather suspect the rest of the
> world just copy-pasted it. It should scale as a function of bandwidth,
> I suppose, or get updated as a side effect of setting QoS - or just
> get bumped up. Start a bug over with openwrt? Take a hard look at
> other firewall designs?
>
> Like I said, though, my big question was is there a browser stat or
> some other easily accessible stat to see how
> often syns are rejected? Another context for this was syn negotiation
> with ecn on and the fallback.
>
> Interestingly, I've also seen a pretty big uptick in ecn marking over
> the last year or so, on one uplink (we do have a lot of guests that
> run apple gear), it's now at over 10% of the drop ratio on
> outbound.
>
> This box is - I hope - the last cerowrt box running in the universe -
> and the only reason it ever goes down is because of a long duration
> power failure. I've been meaning to replace it for ages...
>
> root@lounge:~# uptime
>  07:14:53 up 55 days, 17:14, load average: 0.16, 0.09, 0.10
>
> outbound:
>
> qdisc fq_codel 120: parent 1:12 limit 1001p flows 1024 quantum 300
> target 5.0ms interval 100.0ms ecn
>  Sent 159378714029 bytes 1038654784 pkt (dropped 426065, overlimits 0
> requeues 0)
>  backlog 0b 0p requeues 0
>   maxpacket 1514 drop_overlimit 0 new_flow_count 213282954 ecn_mark 48220
>   new_flows_len 0 old_flows_len 1
>
> inbound: (where comcast remarks most packets to CS1)
>
> qdisc fq_codel 120: parent 1:12 limit 1001p flows 1024 quantum 1500
> target 5.0ms interval 100.0ms ecn
>  Sent 40391986695 bytes 34710741 pkt (dropped 420, overlimits 0 requeues 0)
>  backlog 0b 0p requeues 0
>   maxpacket 1514 drop_overlimit 0 new_flow_count 5687382 ecn_mark 0
>   new_flows_len 0 old_flows_len 2
> qdisc fq_codel 130: parent 1:13 limit 1001p flows 1024 quantum 300
> target 5.0ms interval 100.0ms ecn
>  Sent 2285974845172 bytes 1748071724 pkt (dropped 61231, overlimits 0
> requeues 0)
>  backlog 0b 0p requeues 0
>   maxpacket 1514 drop_overlimit 0 new_flow_count 229072930 ecn_mark 344
>   new_flows_len 0 old_flows_len 1
>
>
>>
>> --
>> Mikael Abrahamsson    email: swmike@swm.pp.se
>
>
>
> --
>
> Dave Täht
> CTO, TekLibre, LLC
> http://www.teklibre.com
> Tel: 1-831-205-9740
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
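Added example, not code from the thread, from OpenWrt or from fw3: it models the `-m limit --limit 25/sec --limit-burst 50` rule Mikael quoted as a token bucket, so one can see how many SYNs from a busy LAN the default lets through versus Dave's 10x settings, and it parses the two counters the thread looks at (the syn_flood RETURN/DROP packet counts from `iptables -nvL`, and `dropped` vs `ecn_mark` from `tc -s qdisc` to get the "ecn marks as a share of drops" figure Dave mentions). The token-bucket abstraction is an assumption: the real xt_limit module keeps a credit counter in kernel time units, so exact boundaries can differ by a packet or two. The arrival pattern (200 SYNs spread evenly over one second) is constructed; the iptables and tc samples are the ones quoted in the thread.

```python
"""Model OpenWrt's syn_flood rate limit and parse the counters discussed
in the thread.  Assumption: `-m limit` is approximated as a classic token
bucket (bucket size = --limit-burst, refill = --limit rate)."""
import re
from fractions import Fraction


def limit_match(arrival_ms, rate_per_sec, burst):
    """Simulate `-m limit --limit <rate>/sec --limit-burst <burst>` over a
    non-decreasing list of packet arrival times in milliseconds.
    Returns (matched, not_matched).  In OpenWrt's chain a matched SYN is
    RETURNed (accepted); an unmatched one falls through to DROP."""
    tokens = Fraction(burst)           # bucket starts full
    rate = Fraction(rate_per_sec)
    last = arrival_ms[0] if arrival_ms else 0
    matched = dropped = 0
    for t in arrival_ms:
        # refill in proportion to elapsed time, never above the burst size
        tokens = min(Fraction(burst), tokens + rate * (t - last) / 1000)
        last = t
        if tokens >= 1:
            tokens -= 1
            matched += 1
        else:
            dropped += 1
    return matched, dropped


def syn_burst_ms(count, window_ms):
    """Constructed arrival pattern: `count` SYNs spread evenly over a
    window, e.g. many LAN clients opening connections at the same time."""
    return [i * window_ms // count for i in range(count)]


# Sample `iptables -nvL` excerpt, as quoted in the thread.
IPTABLES_SAMPLE = """\
Chain syn_flood (1 references)
 pkts bytes target     prot opt in     out     source               destination
 2296  113K RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x02 limit: avg 25/sec burst 50 /* !fw3 */
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* !fw3 */
"""

# Sample `tc -s qdisc` excerpt for the outbound fq_codel qdisc, as quoted.
TC_OUTBOUND = """\
qdisc fq_codel 120: parent 1:12 limit 1001p flows 1024 quantum 300 target 5.0ms interval 100.0ms ecn
 Sent 159378714029 bytes 1038654784 pkt (dropped 426065, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  maxpacket 1514 drop_overlimit 0 new_flow_count 213282954 ecn_mark 48220
  new_flows_len 0 old_flows_len 1
"""


def syn_flood_counters(iptables_nvl):
    """Return (accepted, dropped) SYN counts for OpenWrt's syn_flood chain:
    the RETURN rule counts SYNs under the limit, the DROP rule those over."""
    chain = iptables_nvl.split("Chain syn_flood")[1]
    accepted = int(re.search(r"^\s*(\d+)\s+\S+\s+RETURN", chain, re.M).group(1))
    dropped = int(re.search(r"^\s*(\d+)\s+\S+\s+DROP", chain, re.M).group(1))
    return accepted, dropped


FQ_CODEL_RE = re.compile(r"dropped (\d+),.*?ecn_mark (\d+)", re.S)


def ecn_mark_ratio(tc_stats):
    """Parse one fq_codel qdisc's stats and return ecn_mark / dropped, i.e.
    how many congestion signals were delivered by marking per drop."""
    m = FQ_CODEL_RE.search(tc_stats)
    dropped, marked = int(m.group(1)), int(m.group(2))
    return marked / dropped if dropped else 0.0


if __name__ == "__main__":
    syns = syn_burst_ms(200, 1000)
    print("default  25/sec burst 50  ->", limit_match(syns, 25, 50))
    print("10x     250/sec burst 500 ->", limit_match(syns, 250, 500))
    print("syn_flood (accepted, dropped):", syn_flood_counters(IPTABLES_SAMPLE))
    print("outbound ecn_mark/dropped: %.3f" % ecn_mark_ratio(TC_OUTBOUND))
```

With the default rule the constructed burst of 200 SYNs in one second gets 74 through and 126 dropped (the bucket of 50 drains in the first quarter second, after which only the 25/sec refill passes), while the 10x settings pass all 200; the chain's DROP counter is the direct way to see whether this is happening on a given box.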