httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject Re: We are NOT ready for a beta.
Date Fri, 22 Dec 2000 13:37:01 GMT

Follow-up to previous message.

Before anyone accuses me of trying to launch a DOS attack
last night against 2.0 running at ASF I assure that was not
what I was testing. It was only 1000 connect/disconnect hits
from ApacheBench 3 times in a row about 1 minute apart.
That's more like normal traffic than any kind of DOS.

My intention was to test the reported issue of the filtering 
getting and invalid bucket if a connection drops before a
valid request is received ( IE: Connect but no data ).

It worked fine from here, as far as I can tell.

However... I suppose load balancers themselves like BigIP could be
considered to do DOS attacks against their own registered
back-ends, when you think about it. If some admin sets either
the 'touch' delay or the panic recovery polling to NO TIME then
the BigIP is going to start slamming it's backends just like
a DOS attack would.

This would be more likely when BigIP senses a connection
to a backend has DROPPED. It then goes into panic mode 
and if some admin wants to know the very millisecond when
that box comes back I suppose they might set the panic
turnaround that backend to NO TIME or something.

Perhaps moot point though, since any sane load balancer is
going to drop out of panic mode the minute it gets a few
good connections back to the missing backend server so
what looks like a DOS attack is 'supposed' to stop at that 

Kevin Kiley
CTO, Remote Communications, Inc.

> In a message dated 00-12-22 09:10:47 EST, Ryan writes...
>  > The locus downtime right now seems to be because of Apache 2.0.  I turned
>  > on 2.0 at about 10:30, and it worked just fine for about fifteen
>  > minutes.  Then at just about 10:45, the machine stopped responding to
>  > everything.  I am not sure what the issue is, because this doesn't happen
>  > on any of my machines when I run Apache.  I believe the problem is that 
>  > are trying to run every module, which I am not sure anybody has ever 
>  > before.
>  Maybe not.
>  I happened to 'see' it just as it came up last night so I decided
>  to test the 'connection without a request' issue reported yesterday.
>  I used an altered copy of ApacheBench to imitate a BigIP Load
>  balancer polling sequence and then turned it loose.
>  Everything was fine.
>  You won't see any entries in the log there because it was
>  simply connection/disconnecting immediately.
>  I slammed it about 1000 times on 3 different test runs and your
>  address never missed a beat. I got no errors on this end and
>  all connection attempts were successful.
>  Maybe that was what caused the 'freeze-up'... I don't know.
>  Everything was AOK on this end.
>  Yours...
>  Kevin Kiley
>  CTO, Remote Communications, Inc.

View raw message