On 09.09.2011 20:09, Ben Pfaff wrote:
On Fri, Sep 09, 2011 at 08:05:00PM +0200, S?bastien Riccio wrote:
Okay thanks it's clear. I'm trying to find a way to be nearly sure
that on a xen host if a customer vm gets hacked and starts flooding
the network like hell, it doesn't render the whole host u
On Fri, Sep 09, 2011 at 08:05:00PM +0200, S?bastien Riccio wrote:
> Okay thanks it's clear. I'm trying to find a way to be nearly sure
> that on a xen host if a customer vm gets hacked and starts flooding
> the network like hell, it doesn't render the whole host unreachable
> (That's what happened
On 09.09.2011 19:54, Ben Pfaff wrote:
On Fri, Sep 09, 2011 at 07:47:52PM +0200, S?bastien Riccio wrote:
That's expected behavior. When new flows constantly pop up, it takes
CPU time to decide what to do with them, and eventually you run out of
CPU time. This will be true of any kind of smart s
On Fri, Sep 09, 2011 at 07:47:52PM +0200, S?bastien Riccio wrote:
> It's more a cpu usage problem than memory, last test i did:
>
> hping3 -q -S -L 0 -p 80 -i u50 192.168.50.2
>
> PID USER PR NI VIRT RES SHR S*%CPU* %MEMTIME+ COMMAND
> 2211 root 10 -10 7660 3816 1076 R *93
On 09.09.2011 19:34, Ben Pfaff wrote:
On Wed, Sep 07, 2011 at 08:53:14PM +0200, S?bastien Riccio wrote:
For the details about the versions:
root@xen-blade13:~# ovs-vswitchd --version
ovs-vswitchd (Open vSwitch) 1.2.1+build0
Compiled Sep 6 2011 01:01:15
OpenFlow versions 0x1:0x1
It's the one f
On Wed, Sep 07, 2011 at 08:53:14PM +0200, S?bastien Riccio wrote:
> For the details about the versions:
>
> root@xen-blade13:~# ovs-vswitchd --version
> ovs-vswitchd (Open vSwitch) 1.2.1+build0
> Compiled Sep 6 2011 01:01:15
> OpenFlow versions 0x1:0x1
>
> It's the one from de debian unstable re
2011/9/7 Sébastien Riccio :
> On 07.09.2011 17:12, Ben Pfaff wrote:
>>
>> On Wed, Sep 07, 2011 at 01:28:16PM +0200, S?bastien Riccio wrote:
>>>
>>> I just did a test to see how openvswitch handle a flood from a
>>> virtual machine on a xen
>>> host using it as the networking layer.
>>>
>>> I just i
On Wed, Sep 07, 2011 at 01:28:16PM +0200, S?bastien Riccio wrote:
> I just did a test to see how openvswitch handle a flood from a
> virtual machine on a xen
> host using it as the networking layer.
>
> I just issued a :
>
> vm1# hping3 -S -L 0 -p 80 -i u100 192.168.1.1
>
> options I used are:
Hi,
I just did a test to see how openvswitch handle a flood from a virtual
machine on a xen
host using it as the networking layer.
I just issued a :
vm1# hping3 -S -L 0 -p 80 -i u100 192.168.1.1
options I used are:
-S set SYN tcp flag
-L set ACK tcp flag
-p destination port
-i u100 = interv
