Hi, On Thu, Aug 11, 2011 at 9:54 AM, Slawa Olhovchenkov <s...@zxy.spb.ru> wrote: > On Thu, Aug 11, 2011 at 11:33:37PM +1000, Lawrence Stewart wrote: > >> >>> Autotunig w/o limits is bad idea. This is way to DoS. >> >> >> >> Depends how it is implemented. With appropriate backpressure mechanisms >> >> put in place, it could be perfectly safe. I envisage reassembly segments >> >> being at the bottom of the heap in terms of importance, so if a machine >> >> were to come under memory pressure, they would be the first thing to be >> >> reclaimed. TCP would continue to operate if they got pulled out from >> >> under the connection as the protocol doesn't consider segments held in >> >> reassembly to have been delivered, so would recover via retransmission. >> > >> > Yes, TCP would continue to operate. But attacker don't allow to put >> > system under memory pressure. >> >> Without a concrete patch to discuss, let's just agree to disagree for >> the time being. FreeBSD does a fairly good job autoscaling and reacting >> to pressure with the VM subsystem for example. I don't see why we >> can't > > Yes, and VM system allow to set different memory limits for proccess (and now > for jails). > >> become good at doing it with the netstack. Manual tuning sucks and can >> be just as dangerous if you tune things up to get performance, which >> opens you up to the same problems. > > Autoscaling with limits is good. > Automatic computation of limits (from available resources) also is > good (currently limits frequently to small for modern installation, > but don't remember about embeded systems). > <off topic> All the useless limitation BSD puts all over the place wrt. memory management is a huge pain to deal with. nmbcluster, zone limitation and friend are just useless. Just try to use NetGraph with a consequent number of nodes and a high enough pps and the stuff with will start dropping packet all over the place, even if the box has Gigs of free memory. <off topic/>
- Arnaud _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
