What I learned from being /.-ed
Some time ago, I got to enjoy my 15 minutes
of fame; when my tongue-in-cheek smutcraft project featured on slashdot. It made for an interesting
traffic spike, moreso when you consider I killed apache fairly shortly
after the tidal wave hit.
Anyway, it was a kind of interesting experience, and I learned soem
things from it.
- Enjoy the script kiddies.
- If you get mentioned on /., expect to promptly become a target for
script kiddies with syn floods and other DOS attempts. In fact, not just
you, but your upstreams will find that there's an excitable band of
fuckwits who have little to do but follow slashdot links and try to knock
down servers and networks. This lasted a long, long time, and cause a huge
number of problems for upstream providers.
- IDE bites.
- Well, I guess I didn't learn that as much as have it reinforced; on my
crummy old 486-100, the interrupt thrashing brings the box to its knees.
Once that started happening, the whole downward sprial began, with the
system able to service fewer and fewer requests, more sockets holding open,
and eventual death occuring shortly thereafter. To be fair to ATA standard
kit, UltraDMA drives might do better than my creaky old ones.
- Tune, tune, tune.
- When smutcraft got slashdotted, it was living on a 480-100 with 32
MB of RAM and a 3C509 network adapter. It had a 10Mb network connection
onto the CityLink network, and
thence to Paradise. It wilted.
Badly. As SYN flooding and actual users queued up, the untuned linux 2.0.x
kernel held conncetions open. Since apache couldn't deal with users quick
enough, connections piled up. Memory went. Eventually, the box ground to a
halt as the network stack consumed all the available memory.
You can't tune a 2.0.x kernel's network parameters dynamically, so a reboot
with a fresh 2.2.x kernel was in order. With some changes forcing idle
connections to drop quickly, all was well.
echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
echo 0 > /proc/sys/net/ipv4/tcp_sack
echo 0 > /proc/sys/net/ipv4/tcp_timestamps