Hi Tomas and thanks for your answer
As far as I know, conntrack counts traffic per connection, so yes, if we
experience a synflood/udpflood DDoS attack the conntrack table becomes quite
huge. It doesn't break, it just becomes slow and takes a lot of memory to
hold. I can't tell the exact box properties to repeat the case because
we switched to ipt_account and disabled conntrack a long time ago. At
the moment our routers have 16 CPU cores and 16 GB RAM per 1GE uplink
and Intel NICs with interrupts correctly distributed between cores.
These machines are enough to survive DDoS attacks that fit into 1GE
uplink bandwidth with IPv4 only, using ipt_account as a counter. Now we
want to add IPv6 support to our network and I'm unable to find a high
performance IPv6 per-host traffic counter yet.
So you suggest taking another look at the conntrack + ulog2 solution, do you?
--
Best regards
Anton Khalikov
--
ipt_ACCOUNT - see http://www.intra2net.com/en/developer/ipt_ACCOUNT for details.
To unsubscribe send a mail to ipt_ACCOUNT+unsubscribe@xxxxxxxxxxxxxxxxxxxxxxx