From: Rich Brown
Date: Sun, 22 Jan 2017 09:38:36 -0500
To: bloat, cerowrt-devel, make-wifi-fast@lists.bufferbloat.net
Subject: [Cerowrt-devel] Connection limits at netperf.bufferbloat.net
Message-Id: <10DEE4A8-E687-46F5-809B-EFD838B2820B@gmail.com>

Hi folks,

My bandwidth bill for netperf.bufferbloat.net was creeping up (exceeding the 4 TByte/month default for my VPS). It's easy to buy more bandwidth, but...

Analysis of the logs shows there are many IP addresses (remarkably, a large number in Portugal) that were establishing >1000 netperf connections per hour (most hosts were creating exactly 1080 connections/hour, every hour for days at a time, also remarkable).

I had created a script that would analyze the log files and block the heavy users in iptables. This worked for a while (~6 months) but the tide keeps coming in, and I needed a new algorithm.

I have just (within the last hour) implemented an iptables filter that blocks new connections after it has received 20 connections within 120 seconds. It seems to work in my simple testing [1].

I write to you because:

1) I've changed the test server for many people. I'm hopeful that it isn't a big change, but I want to alert you to the possibility of different results.

2) If this affects your test regime(s), let's talk about whether there's a way to tweak the filter.

Many thanks!

Rich

[1] Test procedure

- sh betterspeedtest.sh -t 10 # 10 seconds, normal settings, worked as expected
- sh betterspeedtest.sh -t 10 -n 100 # 100 simultaneous connections, upload test failed (speed=0Mbps)
- Wait three minutes
- sh betterspeedtest.sh -t 10 # 10 seconds, worked again
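
Added example (not part of the message above or of the server's actual configuration): a Python model of a per-source limit of 20 new connections per 120 seconds, replayed over constructed traffic that mirrors the 1080 connections/hour pattern and the test procedure in [1]. The addresses, the 10-connection size of a normal run, and the `refresh_on_block` option are assumptions; the message does not say whether rejected attempts count toward the limit, so both behaviours are modelled.

```python
from collections import defaultdict, deque
from fractions import Fraction

LIMIT, WINDOW = 20, 120  # from the message: 20 connections within 120 seconds


class ConnLimiter:
    """Per-source sliding-window limit on new connections.

    refresh_on_block=False: only accepted connections are counted.
    refresh_on_block=True: rejected attempts are counted too, so a source
    stays blocked until it goes quiet for a full window.
    """

    def __init__(self, limit=LIMIT, window=WINDOW, refresh_on_block=False):
        self.limit, self.window, self.refresh = limit, window, refresh_on_block
        self.seen = defaultdict(deque)  # src -> timestamps inside the window

    def allow(self, src, now):
        q = self.seen[src]
        while q and now - q[0] >= self.window:  # drop entries older than window
            q.popleft()
        ok = len(q) < self.limit
        if ok or self.refresh:
            q.append(now)
        return ok


def replay(events, **kw):
    """events: (timestamp_seconds, src) pairs. Returns accepted count per src."""
    lim, accepted = ConnLimiter(**kw), defaultdict(int)
    for ts, src in sorted(events):
        accepted[src] += lim.allow(src, ts)
    return dict(accepted)


# Constructed sample traffic (documentation addresses, not from the logs).
HEAVY, TESTER = "198.51.100.7", "192.0.2.10"
EVENTS = [(Fraction(3600 * i, 1080), HEAVY) for i in range(1080)]  # 1080/hour
EVENTS += [(0, TESTER)] * 10     # normal run (10 connections is an assumption)
EVENTS += [(30, TESTER)] * 100   # -n 100 run
EVENTS += [(210, TESTER)] * 10   # normal run after a three-minute wait

if __name__ == "__main__":
    print(replay(EVENTS))                         # accepted-only counting
    print(replay(EVENTS, refresh_on_block=True))  # every attempt counted
```

In this model a host making 1080 evenly spaced connections per hour still gets 600 of them through when only accepted connections are counted, but is held at 20 when rejected attempts also count. The tester's runs behave the same way in both modes: the 100-connection burst is cut off, and a normal run succeeds again after the three-minute wait.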