[Bloat] netperf server news

Dave Collier-Brown dave.collier-brown at indexexchange.com
Tue Oct 6 20:42:11 EDT 2020


Number?

One or two that were complete and successful.  Maybe five unsuccessful tries.

More of a sequence than a time-period: u{1-5}s{1-2}

--daev


On 2020-10-06 4:40 p.m., Rich Brown wrote:

Thanks for the feedback. Some responses:

1) I'm glad that people are seeing reasonable speeds from the VPS. (I don't know what I can do to make it go faster, so I'm relieved...)

2) I don't think I posed the right question for the number-of-tests threshold. (Most of the responses were like, "Sure, that sounds like enough...") Let me reframe the question:

        In your normal testing/troubleshooting process, what is the maximum number of tests YOU might need to run in any two-day period?

3) If you can't get through to netperf.bufferbloat.net, send me your IP address because it might have been blacklisted.

Thanks!

Rich




On Oct 6, 2020, at 6:52 AM, Rich Brown <richb.hanover at gmail.com> wrote:

To the Bloat list,

I had some time, so I looked into what it might take to keep the netperf.bufferbloat.net server on-line in the face of an unwitting "DDoS" attack - automated scripts that run tests every 5 minutes 24x7. The problem was that these tests would blow through my 4TB/month bandwidth allocation in a few days.

In the past, I had been irregularly running a set of scripts to count incoming netperf connections and blacklist (in iptables) those whose counts were too high. This wasn't good enough: it wasn't keeping up with the tidal wave of connections.

Last week, I revised those scripts to work as a cron job. The current parameters are: run the script every hour; process the last two days of kern.log files; look for > 500 connections; drop those addresses in iptables.

There are currently 479 addresses blacklisted in iptables (that explains why the bandwidth was being consumed so quickly). There are only a few new addresses being added per day, so it seems that we have flushed out most of the abusers.

My questions for this august group:

1) The server at netperf.bufferbloat.net is up and running. I get full rate speed from my 7mbps DSL circuit, but that's not much of a test. I would be interested to hear your results.

2) The current threshold comes from this estimate: most speed tests use 10 connections: 5 connections up and 5 down. So 500 connections would permit about 50 tests over the course of two days. Is that enough for "real research"? (If you need more, I can add your address to my whitelist file...)

3) I would be pleased to get comments on the set of scripts. I'm a newbie at iptables, so it wouldn't hurt to have someone else check the rules I devised. See the README at https://github.com/richb-hanover/netperfclean

Thanks.

Rich






--
David Collier-Brown,         | Always do right. This will gratify
System Programmer and Author | some people and astonish the rest
dave.collier-brown at indexexchange.com |              -- Mark Twain
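
The hourly job Rich Brown describes in the quoted message above (count netperf connections in kern.log, drop sources with more than 500, honour a whitelist) can be sketched as follows. This is an added example, not part of the thread and not the netperfclean scripts; the log prefix `NETPERF-IN `, the function names, the whitelist format and the sample log lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Assumptions: an iptables LOG rule tags netperf connections
# with the hypothetical prefix "NETPERF-IN "; whitelist is one address per line.
THRESHOLD=500               # from the post: more than 500 connections
LOG_PREFIX="NETPERF-IN "    # hypothetical log prefix

# Constructed sample of kern.log lines (documentation addresses only).
sample_log() {
    for src in 192.0.2.10 192.0.2.10 192.0.2.10 192.0.2.10 192.0.2.10 \
               198.51.100.7 198.51.100.7 198.51.100.7 198.51.100.7 203.0.113.5
    do
        printf 'Oct  6 10:00:01 host kernel: [1.0] NETPERF-IN IN=eth0 OUT= SRC=%s DST=203.0.113.1 PROTO=TCP SPT=40000 DPT=12865 SYN\n' "$src"
    done
    echo 'Oct  6 10:00:02 host kernel: [2.0] other rule SRC=192.0.2.99 DPT=22'
}

# Read log lines on stdin; print "count address", busiest source first.
count_sources() {
    awk -v prefix="$LOG_PREFIX" '
        index($0, prefix) {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) { n[substr($i, 5)]++; break }
        }
        END { for (a in n) print n[a], a }
    ' | sort -rn
}

# abusers LIMIT WHITELIST: keep sources above LIMIT that are not whitelisted.
abusers() {
    awk -v limit="$1" -v wl="$2" '
        BEGIN { while ((getline line < wl) > 0) allow[line] = 1 }
        $1 > limit && !($2 in allow) { print $2 }
    '
}

# Print (not run) one DROP rule per address; skip anything that is not
# digits and dots so log content never reaches the command line unchecked.
drop_rules() {
    while read -r addr; do
        case "$addr" in
            ""|*[!0-9.]*) continue ;;
        esac
        printf 'iptables -I INPUT -s %s -j DROP\n' "$addr"
    done
}

# Usage: cat kern.log kern.log.1 | count_sources | abusers "$THRESHOLD" whitelist.txt | drop_rules
```

The caller is assumed to feed in only the last two days of log lines; the rules are printed rather than applied so they can be reviewed before being piped to a shell.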
