On Fri, 2016-07-08 at 15:51 +0200, Toralf Förster wrote:
> I do run a 4.6.3 hardened Gentoo kernel at a commodity i7 server. A
> DDoS with about 300 MBit/sec over 5 mins resulted in an issue for ipv6 at
> that system.
>
> The IPv6 monitoring from my ISP told me that the services to be monitored
> (80, 443, 52222) weren't reachable any longer at ipv6 (at
> ipv4 there was no issue). Restarting the NIC brought back green lights
> for the services at the ipv6 ports too.
Hard to tell without knowing DDOS details, but IPv6 lacks some scalability improvements found in IPv4. IPv4 no longer has a routing cache, but IPv6 still has one. Are you sure conntrack is needed at all?
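The reply points at two kernel tables that can fill up under a flood: the IPv6 routing cache and the conntrack table. The following triage script is an added example, not part of the thread and not code from either poster; it reads the live counts and limits for both tables from /proc and flags either one at 80% or more of its limit. It assumes the standard Linux /proc layout, that the sixth hex field of /proc/net/rt6_stats is the dst entry count the kernel compares with net.ipv6.route.max_size, and the 80% warning line is an arbitrary choice.

```shell
#!/bin/sh
# Added triage script (not from the thread): report how full the IPv6
# routing cache and the conntrack table are, so that a flood that fills
# either one shows up as a number instead of as "IPv6 ports unreachable".
# Assumption: Linux /proc layout as described in the comments below.

# Print the integer held in a /proc or /sys file, or -1 if the file is
# absent (e.g. conntrack module not loaded, or not running on Linux).
read_int() {
    if [ -r "$1" ]; then
        tr -d ' \n' < "$1"
    else
        printf '%s' -1
    fi
}

# Convert a hex field (the format used by /proc/net/rt6_stats) to decimal.
hex_to_dec() {
    printf '%s' $((0x$1))
}

# Live IPv6 dst entry count. Assumption: it is the sixth hex field of
# /proc/net/rt6_stats, the value the kernel's IPv6 dst garbage collector
# compares with net.ipv6.route.gc_thresh / max_size. Prints -1 if absent.
rt6_cache_entries() {
    if [ -r /proc/net/rt6_stats ]; then
        set -- $(cat /proc/net/rt6_stats)
        hex_to_dec "$6"
    else
        printf '%s' -1
    fi
}

# occupancy_pct COUNT MAX: integer percentage of MAX in use; prints 0 when
# MAX is missing or zero so that an absent table never looks full.
occupancy_pct() {
    if [ "$2" -le 0 ] 2>/dev/null; then
        printf '%s' 0
    else
        printf '%s' $(( $1 * 100 / $2 ))
    fi
}

# table_status NAME COUNT MAX: prints one status line; returns 1 when the
# table is at or above 80% of its limit, 0 otherwise (or if absent).
table_status() {
    if [ "$2" -lt 0 ]; then
        printf '%s: not present\n' "$1"
        return 0
    fi
    pct=$(occupancy_pct "$2" "$3")
    if [ "$pct" -ge 80 ]; then
        printf '%s: %s/%s (%s%%) NEAR LIMIT\n' "$1" "$2" "$3" "$pct"
        return 1
    fi
    printf '%s: %s/%s (%s%%) ok\n' "$1" "$2" "$3" "$pct"
    return 0
}

# Check both tables; exit status 1 if either is near its limit.
main() {
    rc=0
    table_status ipv6_route_cache "$(rt6_cache_entries)" \
        "$(read_int /proc/sys/net/ipv6/route/max_size)" || rc=1
    table_status nf_conntrack \
        "$(read_int /proc/sys/net/netfilter/nf_conntrack_count)" \
        "$(read_int /proc/sys/net/netfilter/nf_conntrack_max)" || rc=1
    return $rc
}

main
```

Run it during the next flood (or from a cron job that logs its output) to see which table, if any, is saturating. If it is the conntrack table and, as the reply asks, tracking is not actually needed for the public services, the state can be bypassed for those ports with a raw-table rule such as `ip6tables -t raw -A PREROUTING -p tcp --dport 80 -j NOTRACK` (one option, not a recommendation from the thread).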