[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: enable tcp_syncookies by default?

On Thu, Jan 13, 2005 at 11:09:35AM -0500, Jeff Spaleta wrote:
> How does this scale with network activity and hardware resources? 
> Where are the cases where this becomes noticable?

Note that syncookies are not used until the synqueue is full, so unless the
server is under attack everything proceeds just as it would with syncookies
turned off.  They are only enabled when the queue fills up, and in that case
spending a bit more (I don't have any numbers on this) CPU time should be
favourable to not being able to answer incoming requests.

I run a fairly busy database-heavy website on a lowend PC (1.2ghz athlon)
that gets around a million hits per day - and also gets SYN flooded every
now and then.  After I enabled syncookies on the server it has always
managed to serve all valid requests.

So.. is there a reason why they are not enabled by default?


Attachment: pgp00055.pgp
Description: PGP signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]