[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v4 0/3][xen-netback][toolstack] add a pseudo pps limit to netback

On Mon, Aug 05, 2013 at 05:13:07PM +0200, William Dauchy wrote:
> VM traffic is already limited by a throughput limit, but there is no
> control over the maximum packet per second (PPS).
> In DDOS attack the major issue is rather PPS than throughput.
> With provider offering more bandwidth to VMs, it becames easy to
> coordinate a massive attack using VMs. Example: 100Mbits ~ 200kpps using
> 64B packets.
> This patch provides a new option to limit VMs maximum packets per second
> emission rate.
> It follows the same credits logic used for throughput shaping. For the
> moment we have considered each "txreq" as a packet.
> PPS limits is passed to VIF at connection time via xenstore.
> PPS credit uses the same usecond period used by rate shaping check.
> 
> known limitations:
> - by using the same usecond period, PPS shaping depends on throughput
>   shaping.
> - it is not always true that a "txreq" correspond to a paquet
>   (fragmentation cases) but as this shaping is meant to avoid DDOS
>   (small paquets) such an pproximation should not impact the results.
           ^^^^^^^          ^
           packets?         extra "p"?

> - Some help on burst handling will be appreciated.
> 

Is this series RFC? I don't see "RFC" in subject line. Do you intend to
address this problem (burst handling)?


Wei.

> v2:
> - fix some typo
> 
> v3:
> 
> - fix some typo
> - add toolstack patch
> 
> v4:
> - fix toolstack memleak
> Ahmed Amamou (1):
>   xen netback: add a pseudo pps rate limit
> 
>  drivers/net/xen-netback/common.h    |    2 ++
>  drivers/net/xen-netback/interface.c |    1 +
>  drivers/net/xen-netback/netback.c   |   41 
> +++++++++++++++++++++++++++++++++++
>  drivers/net/xen-netback/xenbus.c    |   31 +++++++++++++++++++++-----
>  4 files changed, 70 insertions(+), 5 deletions(-)
> 
> [toolstack]
> This patch will update the libxl in order to provide the new pps limit
> new pps limit can be defined as follow
> YYMb/s&XXKpps@ZZms
> or
> YYMb/s@ZZms&XXKpps
> or
> YYMb/s&XXKpps in such case default 50ms interval will be used
> 
> Ahmed Amamou (2):
>   handle pps limit parameter
>   netif documentation
> 
>  docs/misc/xl-network-configuration.markdown |   18 +++++--
>  tools/libxl/libxl.c                         |    3 ++
>  tools/libxl/libxl_types.idl                 |    1 +
>  tools/libxl/libxlu_vif.c                    |   70 
> +++++++++++++++++++++++++--
>  xen/include/public/io/netif.h               |   27 +++++++++++
>  5 files changed, 111 insertions(+), 8 deletions(-)
> 
> -- 
> 1.7.9.5

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.