HTTP QoS for asymmetric DDoS mitigation #100

Closed
krizhanovsky opened this issue May 6, 2015 · 3 comments

@krizhanovsky
Contributor

To cope with DDoS attacks which are indiscernible from real flash crowds, the local stress module (stress/sys.c) detects that the local system (on which Tempesta is running) is overloaded. When a stress module decides that overloading occurred, it should call generic classification logic, which shrinks the current connections list. A classifier assigns weights to currently established connections depending on how much stress a connection causes to the system. The most aggressive connections are closed.

The stress module must measure current memory consumption, internal queues size, latencies and a few other metrics. All the metrics must be configurable, and if some of them are greater than specified limits, then the system stress is reported and Tempesta should evict connections. The weights are assigned to connections also depending on the values of the measures.
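A minimal sketch of the detect, weigh and evict flow described in this comment, added here as an illustration; it is not Tempesta code and not part of the original issue. All names (`struct conn`, `conn_weight`, `classify`) are hypothetical, and the weight formula (a connection's permille share of each metric that is over its limit) is an assumption, since the issue does not define one.

```c
#include <stdio.h>
#include <stdint.h>
enum { M_MEM, M_QUEUE, M_LATENCY, M_NUM }; /* metrics named in the issue */

struct conn {            /* hypothetical per-connection accounting */
    uint64_t use[M_NUM]; /* this connection's contribution to each metric */
    uint64_t weight;     /* set by classify() */
    int evict;           /* set by classify() */
};

/* Weight: the connection's share (permille) of every metric that is over its limit. */
uint64_t conn_weight(const struct conn *c, const uint64_t *cur, const uint64_t *lim)
{
    uint64_t w = 0;
    for (int m = 0; m < M_NUM; m++)
        if (cur[m] > lim[m]) /* stressed metric; cur[m] > 0 here */
            w += c->use[m] * 1000 / cur[m];
    return w;
}

/* Mark up to max_evict heaviest connections; returns how many (0 if no metric is over limit). */
int classify(struct conn *c, int n, const uint64_t *cur, const uint64_t *lim, int max_evict)
{
    int marked = 0;
    for (int i = 0; i < n; i++) {
        c[i].weight = conn_weight(&c[i], cur, lim);
        c[i].evict = 0;
    }
    for (; marked < max_evict; marked++) {
        struct conn *top = NULL;
        for (int i = 0; i < n; i++)
            if (!c[i].evict && c[i].weight && (!top || c[i].weight > top->weight))
                top = &c[i];
        if (!top) break;
        top->evict = 1;
    }
    return marked;
}

/* Constructed sample: memory over its limit, queue size and latency within limits. */
uint64_t sample_cur[M_NUM] = { 900, 40, 5 }, sample_lim[M_NUM] = { 800, 100, 50 };
struct conn sample[3] = { { { 100, 30, 1 } }, { { 600, 5, 1 } }, { { 200, 5, 3 } } };

int main(void)
{
    int n = classify(sample, 3, sample_cur, sample_lim, 1);
    printf("evict %d: %d %d %d\n", n, sample[0].evict, sample[1].evict, sample[2].evict);
    return 0;
}
```

Because only over-limit metrics contribute to the weight, a connection that is heavy on a metric still within its limit is not penalised, and no connection is marked while the system is within all limits.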

@krizhanovsky krizhanovsky self-assigned this May 6, 2015
@krizhanovsky krizhanovsky added this to the 0.5.0 SSL, Stable milestone May 6, 2015
@krizhanovsky krizhanovsky modified the milestones: 0.6.0 Stable, 0.5.0 SSL & TDB Jun 19, 2015
@krizhanovsky
Contributor Author

Linked with #116, so move it to 0.5 as a crucial task.

@krizhanovsky
Contributor Author

krizhanovsky commented Dec 23, 2015

The number of TIME_WAIT & FIN_WAIT2 connections must be properly controlled and efficiently evicted (either using sysctls at the script layer or the classifier from #488).

All data relating to an evicted connection (e.g. a TfwClient which has only the one connection) must be properly freed. This requirement depends on #235.

We also must implement default and Keep-Alive header defined timeouts for open connections.

Timers from #387 must be integrated with the eviction strategy for TfwCliConnection and TCP window calculation (#488).

@krizhanovsky krizhanovsky modified the milestones: 0.6 WebOS, 0.5.0 Web Server Feb 26, 2017
@krizhanovsky krizhanovsky changed the title Evict TCP connections on local system stress HTTP QoS Feb 26, 2017
@krizhanovsky krizhanovsky changed the title HTTP QoS HTTP QoS for asymmetric DDoS mitigation Feb 26, 2017
@krizhanovsky
Contributor Author

This is just another side of #488, so I update #488 to incorporate all aspects of HTTP QoS and leave the issue only.
