hawq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruilong Huo <r...@pivotal.io>
Subject Re: Turning off DoS protection in hawq
Date Sun, 11 Dec 2016 12:13:24 GMT
Thanks Zhanwei for the clarification.

It is worthwhile to understand the highest tcp connection frequency that
would cause OS consider the connection as DoS.
We can then evaluate at which degree of concurrency (partitioned tables,
column storage, etc) in hawq would cause that problem.

BTW, here is some detail mechanism of protecting DoS with sync cookies:
http://security.stackexchange.com/questions/20904/using-syn-cookies-to-perform-a-dos-attack
.

Best regards,
Ruilong Huo

On Sun, Dec 11, 2016 at 10:09 AM, Zhanwei Wang <wangzw@apache.org> wrote:

> HI Ruilong
>
>
> According the pervious stress test, under very high workload, OS will
> consider the connection from HAWQ to HDFS as Dos and reject the connect
> request and then HAWQ query will fail.
>
> After disabling CO table in HAWQ, we have significantly reduced the file
> write workload, I think it is time to reconsider this OS setting.
>
>
>
> Best Regards
>
> Zhanwei Wang
> wangzw@apache.org
>
>
>
> > 在 2016年12月11日,上午8:38,Ruilong Huo <rhuo@pivotal.io> 写道:
> >
> > Hi hawq community,
> >
> > Anyone know that why we turn off DoS protection in hawq by setting
> > net.ipv4.tcp_syncookies to off in /etc/sysctl.conf? Any other reason from
> > hawq perspective other than below two more from operating system
> > perspective?
> >
> > 1) increase the number of concurrent tcp clients
> >
> > 2) reduce cpu overhead for creating and processing the syncookies. Though
> > the overhead is tiny
> >
> > BTW: HAWQ turn off DoS protection
> > <http://hdb.docs.pivotal.io/210/hdb/install/install-cli.html> while
> > Greenplum Database enable DoS protection
> > <http://gpdb.docs.pivotal.io/4320/install_guide/prep_os_
> install_gpdb.html> by
> > default.
> >
> > Best regards,
> > Ruilong Huo
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message