tempesta-tech / tempesta

All-in-one solution for high performance web content delivery and advanced protection against DDoS and web attacks
https://tempesta-tech.com/
GNU General Public License v2.0
623 stars 103 forks

HTTP QoS for asymmetric DDoS mitigation #100

Closed krizhanovsky closed 7 years ago

krizhanovsky commented 9 years ago

To cope with DDoS attacks which are indiscernible from real flashcrowds, the local stress module (stress/sys.c) detects that the local system (on which Tempesta is running) is overloaded. When a stress module decides that overloading occurred it should call generic classification logic, which shrinks the current connections list. A classifier assigns weights to currently established connections depending on how much stress a connection causes to the system. The most aggressive connections are closed.

The stress module must measure current memory consumption, internal queue sizes, latencies and a few other metrics. All the metrics must be configurable and if some of them are greater than specified limits, then the system stress is reported and Tempesta should evict connections. The weights are assigned to connections also depending on the values of the measures.
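The scheme in the comment above, sketched as an added example in plain C (not Tempesta's own code; the metric names, limits, per-connection counters and the weight formula are all assumptions made for illustration): a stress check that fires when any measured metric exceeds its configured limit, a classifier that weights each connection by how much it contributes to whichever metrics are over their limits, and an eviction step that closes the heaviest connections first.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Configurable limits for the system-stress metrics (assumed metric set). */
struct stress_limits {
    double mem_used_pct;    /* percentage of memory in use */
    unsigned queue_len;     /* internal request queue length */
    double latency_ms;      /* observed response latency */
};

/* A measurement snapshot of the same metrics. */
struct stress_sample {
    double mem_used_pct;
    unsigned queue_len;
    double latency_ms;
};

/* Report stress when any measured metric is above its configured limit. */
bool system_stressed(const struct stress_sample *s, const struct stress_limits *l)
{
    return s->mem_used_pct > l->mem_used_pct
        || s->queue_len > l->queue_len
        || s->latency_ms > l->latency_ms;
}

/* Per-connection counters a classifier could keep (hypothetical fields). */
struct conn {
    int id;
    unsigned req_rate;      /* requests per second on this connection */
    unsigned queued_reqs;   /* requests from this connection still queued */
    size_t buffered_bytes;  /* memory held by this connection's buffers */
    bool evicted;
};

/* Weight = how much stress the connection causes. Each term is scaled by
 * how far the matching system metric is over its limit, so the metric
 * that actually triggered the alarm dominates the ranking. */
double conn_weight(const struct conn *c, const struct stress_sample *s,
                   const struct stress_limits *l)
{
    double mem_ratio = s->mem_used_pct / l->mem_used_pct;
    double queue_ratio = (double)s->queue_len / l->queue_len;
    double lat_ratio = s->latency_ms / l->latency_ms;
    return mem_ratio * (double)c->buffered_bytes / 1024.0
         + queue_ratio * (double)c->queued_reqs
         + lat_ratio * (double)c->req_rate;
}

/* Mark the k heaviest live connections as evicted; returns how many were marked. */
size_t evict_heaviest(struct conn *conns, size_t n, size_t k,
                      const struct stress_sample *s, const struct stress_limits *l)
{
    size_t evicted = 0;
    while (evicted < k) {
        double best_w = -1.0;
        size_t best = n;
        for (size_t i = 0; i < n; i++) {
            if (conns[i].evicted)
                continue;
            double w = conn_weight(&conns[i], s, l);
            if (w > best_w) { best_w = w; best = i; }
        }
        if (best == n)
            break;              /* nothing left to evict */
        conns[best].evicted = true;
        evicted++;
    }
    return evicted;
}

/* Constructed scenario: memory and queue length are over their limits. */
static const struct stress_limits demo_limits = { 80.0, 1000, 200.0 };
static const struct stress_sample demo_overloaded = { 85.0, 1500, 150.0 };
static const struct stress_sample demo_idle = { 50.0, 100, 50.0 };

bool demo_overloaded_is_stressed(void) { return system_stressed(&demo_overloaded, &demo_limits); }
bool demo_idle_is_stressed(void)       { return system_stressed(&demo_idle, &demo_limits); }

/* Evict the two heaviest of three constructed connections; returns a bitmask
 * of evicted connection ids (bit i set when connection i was closed). */
int demo_evicted_mask(void)
{
    struct conn conns[] = {
        { 1,  10,  1, 2048, false },   /* quiet keep-alive client */
        { 2,  50, 40, 4096, false },   /* fills the request queue */
        { 3, 500,  5, 1024, false },   /* hammers with requests */
    };
    size_t n = sizeof(conns) / sizeof(conns[0]);
    int mask = 0;
    if (demo_overloaded_is_stressed())
        evict_heaviest(conns, n, 2, &demo_overloaded, &demo_limits);
    for (size_t i = 0; i < n; i++)
        if (conns[i].evicted)
            mask |= 1 << conns[i].id;
    return mask;
}

int main(void)
{
    printf("stressed=%d evicted_mask=0x%x\n", demo_overloaded_is_stressed(), demo_evicted_mask());
    return 0;
}
```

In the constructed scenario connection 3 scores highest (its request rate dominates) and connection 2 second (its queued requests, amplified by the queue metric being 1.5x over its limit), so those two are closed and the quiet client survives.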

krizhanovsky commented 9 years ago

Linked with #116, so move it to 0.5 as crucial task.

krizhanovsky commented 8 years ago

Number of TIME_WAIT & FIN_WAIT2 connections must be properly controlled and efficiently evicted (either using sysctls at script layer or classifier from #488).

All data relating to an evicted connection (e.g. TfwClient which has only the one connection) must be properly freed. This requirement depends on #235.

We also must implement default and Keep-Alive header defined timeouts for open connections.

Timers from #387 must be integrated with the eviction strategy for TfwCliConnection and TCP window calculation (#488).
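The "default and Keep-Alive header defined timeouts" point above, as an added C example that is not Tempesta's code: the idle timeout for a connection is taken from the `timeout=` parameter of the request's `Keep-Alive` header when one is present, falls back to a configured default when the header is absent or malformed, and is clamped to a configured maximum so a client cannot pin a connection open indefinitely. The function names and the default/maximum values are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

/* Case-insensitive test that s starts with prefix (stops at first mismatch,
 * so a shorter s never reads past its terminator). */
static int ci_prefix(const char *s, const char *prefix)
{
    for (; *prefix; s++, prefix++)
        if (tolower((unsigned char)*s) != tolower((unsigned char)*prefix))
            return 0;
    return 1;
}

static const char *skip_ws(const char *p)
{
    while (*p == ' ' || *p == '\t')
        p++;
    return p;
}

/* Resolve the idle timeout (seconds) for a connection.
 *   value: the Keep-Alive header value, or NULL when the header is absent
 *   def:   configured default timeout used when nothing usable is sent
 *   max:   configured upper bound; larger client requests are clamped */
unsigned keepalive_timeout(const char *value, unsigned def, unsigned max)
{
    if (!value)
        return def;
    for (const char *p = value; *p; ) {
        while (*p == ' ' || *p == '\t' || *p == ',')
            p++;
        if (ci_prefix(p, "timeout")) {
            const char *q = skip_ws(p + 7);
            if (*q == '=') {
                q = skip_ws(q + 1);
                if (isdigit((unsigned char)*q)) {
                    unsigned long v = strtoul(q, NULL, 10);
                    if (v == 0)
                        return def;          /* timeout=0 is meaningless; use default */
                    return v > max ? max : (unsigned)v;
                }
            }
            return def;                      /* malformed parameter: default */
        }
        while (*p && *p != ',')              /* skip to the next parameter */
            p++;
    }
    return def;                              /* no timeout parameter at all */
}

/* Absolute idle deadline (e.g. in seconds since boot) to arm the timer with. */
unsigned long idle_deadline(unsigned long now, const char *value,
                            unsigned def, unsigned max)
{
    return now + keepalive_timeout(value, def, max);
}

int main(void)
{
    /* Constructed header values; default 60 s, hard maximum 300 s. */
    const char *samples[] = { NULL, "timeout=5, max=100", "max=100, timeout=900",
                              "Timeout = 7", "timeout=abc", "timeout=0" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-22s -> %u s\n", samples[i] ? samples[i] : "(no header)",
               keepalive_timeout(samples[i], 60, 300));
    return 0;
}
```

The clamp is the security-relevant part: without it a client-supplied `timeout=` value would let an attacker decide how long each idle connection occupies server resources, which is exactly what the eviction strategy is meant to bound.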

krizhanovsky commented 7 years ago

This is just another side of #488, so I update #488 to incorporate all aspects of HTTP QoS and leave the issue only.