
Syncache performance

The syncache tests were performed on the target machine using the following system default values: hashsize = 512, cachelimit = 15359, bucketlimit = 30. The results of the test are presented in Figure 3.

As the graph shows, the syncache is effective at handling a SYN flood while still allowing incoming connections. Here, 99% of the incoming connections are completed within 300 microseconds, which is on par with the time required to connect to an idle unmodified system. For comparison, the performance of an unmodified system experiencing a SYN flood is also shown. All of the trials in the test were performed with a listen queue length of 1024.

One interesting result is that the connection latency decreases even when the target box is not experiencing SYN flooding. This is shown by comparing the 'syncache idle' and 'RELENG_4 idle' lines on the graph, which indicate how long it takes to connect to a quiescent system. This result may be attributed to the smaller data structure used to hold the syncache: the TCP and socket structures allocated and initialized on an unmodified system total 736 bytes, while the smaller syncache structure is only 160 bytes.
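The bounded state behind these results can be seen in a small model, added here as an example that is not code from the paper or from FreeBSD. It uses the hashsize, cachelimit and bucketlimit values quoted above; the hash function, the drop-oldest-in-bucket eviction policy and the flood generator are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define HASHSIZE    512      /* defaults quoted in the text */
#define CACHELIMIT  15359
#define BUCKETLIMIT 30
struct entry    { uint32_t src; uint16_t sport; };               /* simplified SYN state */
struct bucket   { struct entry e[BUCKETLIMIT]; int head, len; }; /* ring, oldest at head */
struct syncache { struct bucket b[HASHSIZE]; unsigned count; unsigned long evicted; };
/* Stand-in multiplicative hash (assumption, not the kernel's hash). */
static unsigned sc_hash(uint32_t src, uint16_t sport) {
    return (((src ^ ((uint32_t)sport << 16)) * 2654435761u) >> 16) % HASHSIZE;
}

/* Record a SYN; returns 1 if the bucket's oldest entry was evicted (assumed policy). */
int sc_insert(struct syncache *c, uint32_t src, uint16_t sport) {
    struct bucket *b = &c->b[sc_hash(src, sport)];
    int evict = b->len > 0 && (b->len == BUCKETLIMIT || c->count >= CACHELIMIT);
    if (evict) {                                   /* oldest entry leaves */
        b->head = (b->head + 1) % BUCKETLIMIT;
        b->len--; c->count--; c->evicted++;
    }
    b->e[(b->head + b->len) % BUCKETLIMIT] = (struct entry){ src, sport };
    b->len++; c->count++;
    return evict;
}

/* Match a final ACK against stored state; returns 1 if the entry is still cached. */
int sc_lookup(const struct syncache *c, uint32_t src, uint16_t sport) {
    const struct bucket *b = &c->b[sc_hash(src, sport)];
    for (int i = 0; i < b->len; i++) {
        const struct entry *e = &b->e[(b->head + i) % BUCKETLIMIT];
        if (e->src == src && e->sport == sport) return 1;
    }
    return 0;
}

/* Constructed flood: n SYNs from LCG-generated sources; returns entries held. */
unsigned sc_flood(struct syncache *c, unsigned long n, uint32_t seed) {
    for (; n; n--, seed = seed * 1664525u + 1013904223u)
        sc_insert(c, seed, (uint16_t)(seed >> 8));
    return c->count;
}
int main(void) {
    static struct syncache sc;
    sc_insert(&sc, 0x0a000001, 40000);             /* constructed client 10.0.0.1:40000 */
    unsigned held = sc_flood(&sc, 1000000, 1);
    printf("held=%u evicted=%lu bytes=%u\n", held, sc.evicted, held * 160u); /* 160 B/entry */
    return 0;
}
```

However many SYNs arrive, the entry count never exceeds cachelimit, so at 160 bytes per entry the state held stays under 2.5 MB; the cost is that a legitimate entry can be evicted once its bucket sees bucketlimit newer SYNs.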

Figure 4: Performance comparison of a system with syncache and syncookies over one using only syncache.
\includegraphics{f_syncookies.eps}


Jonathan Lemon 2001-12-04