[nsd-users] NSD TCP and UDP performance
Wouter Wijngaards
wouter at NLnetLabs.nl
Fri Nov 16 11:22:56 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
After the discussion on the mailing-list the other week the development
team revisited the issues with respect to TCP-Nagle-algorithm and the
the UDP performance increase by implementing multiple reads after a
single select.
These improvement ideas are from Aaron Hopkins (thanks! :-)), and
implement non-blocking I/O, UDP performance and TCP performance
features. The non-blocking I/O has already been implemented as part of a
bugfix for NSD 3. The UDP performance gain (using multiple reads per
select) increases NSD resilience to high load (denial of service
attacks). The TCP performance gain (avoiding extra roundtrip by TCP
Nagle algorithm) increases NSD resilience to high TCP load (DoS). Code
size of the features is expected to be pretty small.
As you may be aware we are trying to stick to NSD's design principles
and simplicity is key. Hence we are careful with changes that are
potentially non-standard and/or non-portable. In the past, we did not
implement the UDP performance improvement because they represented a
paradigm shift in select/read usage that might lead to non-portability.
Besides, we were concentrating on proper behavior of NSD3 as secondary
server.
With respect to tweaking the Nagle algorithm, resiliency to DOS is an
important design criterion for NSD. The fact that in the last few years
DOS attacks with non-spoofed addresses become more likely has made us
look very careful at the proposed patch again
You may expect these features to be available in 3.1.
Best regards,
Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFHPX2QkDLqNwOhpPgRAuJVAJ48istGpGJ/g3cgAkjIHVf6pHYpoQCghMEP
OoSjUdoJ+72a2CV5FDA0z3A=
=cBtZ
-----END PGP SIGNATURE-----
More information about the nsd-users
mailing list