[nsd-users] NSD TCP and UDP performance

Wouter Wijngaards wouter at NLnetLabs.nl
Fri Nov 16 11:22:56 UTC 2007

Hash: SHA1


After the discussion on the mailing-list the other week the development
team revisited the issues with respect to TCP-Nagle-algorithm and the
the UDP performance increase by implementing multiple reads after a
single select.

These improvement ideas are from Aaron Hopkins (thanks! :-)), and
implement non-blocking I/O, UDP performance and TCP performance
features. The non-blocking I/O has already been implemented as part of a
bugfix for NSD 3. The UDP performance gain (using multiple reads per
select) increases NSD resilience to high load (denial of service
attacks). The TCP performance gain (avoiding extra roundtrip by TCP
Nagle algorithm) increases NSD resilience to high TCP load (DoS). Code
size of the features is expected to be pretty small.

As you may be aware we are trying to stick to NSD's design principles
and simplicity is key. Hence we are careful with changes that are
potentially non-standard and/or non-portable. In the past, we did not
implement the UDP performance improvement because they represented a
paradigm shift in select/read usage that might lead to non-portability.
Besides, we were concentrating on proper behavior of NSD3 as secondary

With respect to tweaking the Nagle algorithm, resiliency to DOS is an
important design criterion for NSD. The fact that in the last few years
DOS attacks with non-spoofed addresses become more likely has made us
look very careful at the proposed patch again

You may expect these features to be available in 3.1.

Best regards,
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org


More information about the nsd-users mailing list