On 17:37:44 Jan 13, Max Hayden Chiz wrote:

> Okay, maybe I wasn't clear what the problem is. The problem is that
> having a high number of bittorrent connections causes high latency on
> the external interface. Using max-src-states fixes this problem, but
> I don't understand why it is a problem to begin with.
>
> From extensive experimentation here is what I have been able to determine:
>
> The problem has nothing to do with bandwidth. I don't experience this
> problem with any other protocol (HTTP and FTP for example) and if I am
> running a few connections and pulling down a huge chunk of my download
> and using almost all of my upload, altq will work fine and I will have
> little or no latency.
>
> On the other hand, I can cause this problem even if I am only using a
> fraction of the bandwidth -- all I have to do is have the bittorrent
> client start a bunch of torrents and make hundreds of connections
> each.
>
> Altq isn't useful here because it isn't going to engage until there is
> a backlog. Now, it is true that once the latency starts to rise, a
> backlog will result, but I am already running a modified ack-priq and
> the increase in latency becomes a problem (as in no one can browse the
> web) long before it turns into backlog. I have played with the altq
> six ways from Sunday in an attempt to solve this. It doesn't affect
> anything unless I turn the bandwidth down to some ridiculously low
> number.
>
> Although the increase in latency seems to generally slow down the time
> it takes to process a packet, it seems to disproportionately impact
> TCP handshakes. At first I thought this was just because the
> handshake was experiencing 3x the latency increase, but after playing
> with it more, it seems that the increase is more than linear.
>
> My concern is that this is a bug that would allow a malicious user to
> perform a DoS attack on any router that allows for BitTorrent. If you
> don't use max-src-states, then the BitTorrent user (even if bandwidth
> limited by hfsc or cbq) can make an absurd number of connections and
> increase latency to the point that the external interface becomes
> unusable.
>

Have you considered playing with TCP window sizes? Or the pf options? I bet
it is a TCP issue. I know this isn't much help but this is the best I can
do.

Thanks.

-Girish
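For readers who want to see what the max-src-states mitigation Max mentions looks like in a ruleset, here is an added pf.conf fragment. It is not from this thread or from any poster; the interface names, the LAN prefix, the table name and the numeric limits are assumptions chosen for illustration. It caps the number of state entries a single LAN host can hold through the outbound pass rule, and additionally uses pf's max-src-conn-rate/overload mechanism (present in pf since OpenBSD 3.7) to move a host that completes new TCP connections too quickly into a table that a block rule then matches.

```pf
# Added example pf.conf fragment (not from the mailing-list thread).
# Interface names, the LAN network, the table name and all numeric
# limits below are assumptions for illustration.
ext_if  = "fxp0"
int_if  = "fxp1"
lan_net = "192.168.1.0/24"

# Hosts that exceed the per-source limits land here.
table <bt_abusers> persist

# ... the rest of the ruleset (default deny, services, altq queues) ...

# Cut off any LAN host that has been placed in the overload table.
block in quick on $int_if from <bt_abusers>

# Let LAN hosts out, but track state per source address:
#  - max-src-states 150: a single host may hold at most 150 state
#    entries through this rule; further connection attempts are
#    refused once it reaches the cap, and other hosts are unaffected.
#  - max-src-conn-rate 50/5: a host that completes more than 50 new
#    TCP connections in 5 seconds is added to <bt_abusers>, and
#    "flush" removes the states it already created via this rule.
pass in on $int_if proto tcp from $lan_net to any flags S/SA \
    keep state (source-track rule, max-src-states 150, \
                max-src-conn-rate 50/5, overload <bt_abusers> flush)
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading. `pfctl -s Sources` shows the current per-source state counts that the limits act on, and `pfctl -t bt_abusers -T show` lists hosts that tripped the rate limit; an entry can be cleared with `pfctl -t bt_abusers -T delete <address>` once the client has been throttled.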