hawq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Guo <paul...@gmail.com>
Subject Re: Turning off DoS protection in hawq
Date Mon, 12 Dec 2016 02:19:03 GMT
By the way, just checked the doc. At least there is no need to set the
kernel tunable below
since the default value is that.

net.ipv4.ip_forward = 0



2016-12-11 20:13 GMT+08:00 Ruilong Huo <rhuo@pivotal.io>:

> Thanks Zhanwei for the clarification.
>
> It is worthwhile to understand the highest tcp connection frequency that
> would cause OS consider the connection as DoS.
> We can then evaluate at which degree of concurrency (partitioned tables,
> column storage, etc) in hawq would cause that problem.
>
> BTW, here is some detail mechanism of protecting DoS with sync cookies:
> http://security.stackexchange.com/questions/20904/using-syn-
> cookies-to-perform-a-dos-attack
> .
>
> Best regards,
> Ruilong Huo
>
> On Sun, Dec 11, 2016 at 10:09 AM, Zhanwei Wang <wangzw@apache.org> wrote:
>
> > HI Ruilong
> >
> >
> > According the pervious stress test, under very high workload, OS will
> > consider the connection from HAWQ to HDFS as Dos and reject the connect
> > request and then HAWQ query will fail.
> >
> > After disabling CO table in HAWQ, we have significantly reduced the file
> > write workload, I think it is time to reconsider this OS setting.
> >
> >
> >
> > Best Regards
> >
> > Zhanwei Wang
> > wangzw@apache.org
> >
> >
> >
> > > 在 2016年12月11日,上午8:38,Ruilong Huo <rhuo@pivotal.io> 写道:
> > >
> > > Hi hawq community,
> > >
> > > Anyone know that why we turn off DoS protection in hawq by setting
> > > net.ipv4.tcp_syncookies to off in /etc/sysctl.conf? Any other reason
> from
> > > hawq perspective other than below two more from operating system
> > > perspective?
> > >
> > > 1) increase the number of concurrent tcp clients
> > >
> > > 2) reduce cpu overhead for creating and processing the syncookies.
> Though
> > > the overhead is tiny
> > >
> > > BTW: HAWQ turn off DoS protection
> > > <http://hdb.docs.pivotal.io/210/hdb/install/install-cli.html> while
> > > Greenplum Database enable DoS protection
> > > <http://gpdb.docs.pivotal.io/4320/install_guide/prep_os_
> > install_gpdb.html> by
> > > default.
> > >
> > > Best regards,
> > > Ruilong Huo
> >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message