[Unbound-users] unbound closes receive socket => udp probes
Ilya Bakulin
Ilya_Bakulin at genua.de
Mon Aug 12 15:49:42 UTC 2013
Hi Wouter,
On Monday 29 July 2013 16:51:46 W.C.A. Wijngaards wrote:
> On 07/29/2013 03:44 PM, Ilya Bakulin wrote:
> > We have another suggestion, that may help -- adding some constant
> > value to the calculated RTT. This will slow the rps rate, but at
> > least eliminate ICMP flood in cases when there are some
> > fluctuations in the network that cause answers to arrive a bit
> > slower. I have tried to find a right place in the code to add this,
> > but seems I haven't succeed. Could you please help me?
> And in util/rtt.c:69
> rtt_timeout(const struct rtt_info* rtt)
> The timeout routine returns the actual timeout that is used to wait
> for packets, here you could add +50 msec (if it is smaller than 50).
Today I was finally able to test the change.
I have patched rtt_timeout() to return rtt->rto + 50 (ms),
so the Unbound always has this "safe" reserve for the case when
the server starts to lag.
This seems to work wonderful!
If the server doesn't have any problems, the request rate is not affected
at all. If there are lags, now I have nothing in the logs after running my
test scripts. On the unpatched version I get dozens of "UDP probe" messages
from our extreme paranoid kernel, which correspond to outcoming "ICMP
unreach" messages in case of normal setup.
Thank you very much for the suggestion.
> If this works well and does not impact normal users then we could
> think to include the fix.
Please consider including this fix in some form in the next version of
Unbound, this seems to be easy and effective solution :-)
Maybe make the value tunable from the config file, but you certainly know
better how it suits the concept.
--
Ilya
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20130812/42823786/attachment.bin>
More information about the Unbound-users
mailing list