Re: [Xen-devel] [PATCH v2] xen-netback: add a pseudo pps rate limit
On Jun24 17:22, William Dauchy wrote:
> VM traffic is already limited by a throughput limit, but there is no
> control over the maximum packet per second (PPS).
> In DDOS attack the major issue is rather PPS than throughput.
> With provider offering more bandwidth to VMs, it becomes easy to
> coordinate a massive attack using VMs. Example: 100Mbits ~ 200kpps using
> 64B packets.
> This patch provides a new option to limit VMs maximum packets per second
> emission rate.
> It follows the same credits logic used for throughput shaping. For the
> moment we have considered each "txreq" as a packet.
> PPS limit is passed to VIF at connection time via xenstore.
> PPS credit uses the same usecond period used by rate shaping check.
>
> known limitations:
> - by using the same usecond period, PPS shaping depends on throughput
>   shaping.
> - it is not always true that a "txreq" corresponds to a packet
>   (fragmentation cases) but as this shaping is meant to avoid DDOS
>   (small packets) such an approximation should not impact the results.
> - Some help on burst handling will be appreciated.
>
> v2:
> - fixing some typo

any chance to get it accepted? some other comments?

Regards,
--
William

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
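
The credit scheme the commit message describes, as an added example (not the patch's code and not xen-netback's own): a byte pool and a packet pool refilled on the same period, with each txreq charged as one packet. The struct, the function names, the 50 ms period and the limits are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical shaper state; names are illustrative, not xen-netback's. */
struct vif_shaper {
    uint64_t period_usec;    /* replenish period shared by both pools */
    uint64_t credit_bytes;   /* bytes allowed per period */
    uint64_t credit_pkts;    /* txreqs allowed per period, 0 = no PPS limit */
    uint64_t left_bytes, left_pkts;
    uint64_t window_start;   /* usec timestamp of the last refill */
};

static void shaper_init(struct vif_shaper *s, uint64_t bytes, uint64_t pkts,
                        uint64_t period_usec, uint64_t now)
{
    s->period_usec = period_usec;
    s->credit_bytes = s->left_bytes = bytes;
    s->credit_pkts = s->left_pkts = pkts;
    s->window_start = now;
}

/* One txreq is charged as one packet, the approximation the patch makes. */
static bool shaper_admit(struct vif_shaper *s, uint32_t size, uint64_t now)
{
    if (now - s->window_start >= s->period_usec) {  /* refill both pools */
        s->left_bytes = s->credit_bytes;
        s->left_pkts = s->credit_pkts;
        s->window_start = now;
    }
    if (size > s->left_bytes)
        return false;                     /* throughput credit exhausted */
    if (s->credit_pkts && s->left_pkts == 0)
        return false;                     /* PPS credit exhausted */
    s->left_bytes -= size;
    if (s->credit_pkts)
        s->left_pkts--;
    return true;
}

/* Offer n txreqs of `size` bytes at time `now`; return how many pass. */
static unsigned shaper_burst(struct vif_shaper *s, unsigned n, uint32_t size,
                             uint64_t now)
{
    unsigned sent = 0;
    while (n-- && shaper_admit(s, size, now))
        sent++;
    return sent;
}
```

With 625000 bytes per 50 ms period (100 Mbit/s), a burst of 64-byte txreqs passes 9765 per period on the byte limit alone, roughly the 200 kpps quoted above; a 1000-txreq packet pool caps the same burst at 1000, while 1500-byte txreqs still hit the byte limit first.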