Daniel Wilson
asked on
What on CentOS would serve as a DDOS filter?
I am using JMeter to do some mild load testing. I've started with a CentOS installation at Digital Ocean.
I run X virtual users in a span of 100 seconds. When I ramp X up any higher than 200, I get the connections after 200 (or thereabouts) refused. The server is still running. Without doing anything to it, I can connect again in another minute or so.
If I run JMeter on the VPS (droplet in Digital Ocean parlance), it runs fine ... until I ramp up high enough to get Java memory problems in JMeter. If I run JMeter on a VPS beside the target, I get the same errors as I get from my PC.
So it has something to do with some networking ... something. I opened a ticket with Digital Ocean and they say it's not an intermediate device they have that is causing this.
So, what that commonly installs with CentOS would be shutting this off? I've tried running with IPTables stopped and that hasn't changed anything.
Thanks!
I run X virtual users in a span of 100 seconds. When I ramp X up any higher than 200, I get the connections after 200 (or thereabouts) refused. The server is still running. Without doing anything to it, I can connect again in another minute or so.
If I run JMeter on the VPS (droplet in Digital Ocean parlance), it runs fine ... until I ramp up high enough to get Java memory problems in JMeter. If I run JMeter on a VPS beside the target, I get the same errors as I get from my PC.
So it has something to do with some networking ... something. I opened a ticket with Digital Ocean and they say it's not an intermediate device they have that is causing this.
So, what that commonly installs with CentOS would be shutting this off? I've tried running with IPTables stopped and that hasn't changed anything.
Thanks!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
There is nothing else in Centos that would be limiting the connections, is it possible to test from multiple IP's at the same time to see if it is a limit on an IP or a blanket limit.
Could be as Nick says as well...
Could be as Nick says as well...
ASKER
No, xinetd does not appear to be running. Here's the list of processes.
[dwil@YBDev2 ~]$ ps -A
PID TTY TIME CMD
1 ? 00:00:00 init
2 ? 00:00:00 kthreadd
3 ? 00:00:00 migration/0
4 ? 00:00:00 ksoftirqd/0
5 ? 00:00:00 migration/0
6 ? 00:00:00 watchdog/0
7 ? 00:00:00 events/0
8 ? 00:00:00 cgroup
9 ? 00:00:00 khelper
10 ? 00:00:00 netns
11 ? 00:00:00 async/mgr
12 ? 00:00:00 pm
13 ? 00:00:00 sync_supers
14 ? 00:00:00 bdi-default
15 ? 00:00:00 kintegrityd/0
16 ? 00:00:00 kblockd/0
17 ? 00:00:00 kacpid
18 ? 00:00:00 kacpi_notify
19 ? 00:00:00 kacpi_hotplug
20 ? 00:00:00 ata_aux
21 ? 00:00:00 ata_sff/0
22 ? 00:00:00 ksuspend_usbd
23 ? 00:00:00 khubd
24 ? 00:00:00 kseriod
25 ? 00:00:00 md/0
26 ? 00:00:00 md_misc/0
27 ? 00:00:00 linkwatch
28 ? 00:00:00 khungtaskd
29 ? 00:00:00 kswapd0
30 ? 00:00:00 ksmd
31 ? 00:00:00 aio/0
32 ? 00:00:00 crypto/0
37 ? 00:00:00 kthrotld/0
39 ? 00:00:00 kpsmoused
40 ? 00:00:00 usbhid_resumer
74 ? 00:00:00 kstriped
128 ? 00:00:00 scsi_eh_0
129 ? 00:00:00 scsi_eh_1
237 ? 00:00:00 virtio-blk
249 ? 00:00:00 jbd2/vda-8
250 ? 00:00:00 ext4-dio-unwrit
324 ? 00:00:00 udevd
357 ? 00:00:00 virtio-net
601 ? 00:00:00 udevd
656 ? 00:00:00 kauditd
712 ? 00:00:00 flush-252:0
873 ? 00:00:00 auditd
889 ? 00:00:00 rsyslogd
911 ? 00:00:00 redis-server
949 ? 00:00:00 sshd
1025 ? 00:00:00 master
1034 ? 00:00:00 pickup
1035 ? 00:00:00 qmgr
1041 ? 00:00:05 mongod
1059 ? 00:00:00 crond
1077 ? 00:00:00 miniserv.pl
1087 tty1 00:00:00 mingetty
1089 tty2 00:00:00 mingetty
1091 tty3 00:00:00 mingetty
1093 tty4 00:00:00 mingetty
1095 tty5 00:00:00 mingetty
1097 tty6 00:00:00 mingetty
1229 ? 00:00:00 sshd
1231 ? 00:00:00 sshd
1232 pts/0 00:00:00 bash
1251 pts/0 00:00:00 ps
what are you using for the connections, httpd for example can also limit the number of connections
ASKER
I'm connecting directly to the Node service. There is no proxy in between.
I can successfully run 200 virtual users from 2 different servers simultaneously. I'll ramp it up a little higher and see what I get.
I can successfully run 200 virtual users from 2 different servers simultaneously. I'll ramp it up a little higher and see what I get.
ASKER
300 virtual users over 100 seconds, from each of 3 machines was also OK. 500 from each caused whatever's shutting it down to kick in.
have you checked the configuration files / documentation for the node service to see if it has a limit by default
ASKER
Node does have a limit, but changing that limit has no effect. So the node expert says it's something on the server other than Node. Or ... something by Digital Ocean. But Digital Ocean says it isn't them. :(
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
No real resolution, but effort is very much appreciated.
ASKER