  • Status: Solved
  • Priority: Medium
  • Security: Public

What on CentOS would serve as a DDOS filter?

I am using JMeter to do some mild load testing.  I've started with a CentOS installation at Digital Ocean.

I run X virtual users in a span of 100 seconds.  When I ramp X up any higher than 200, I get the connections after 200 (or thereabouts) refused.  The server is still running.  Without doing anything to it, I can connect again in another minute or so.

If I run JMeter on the VPS (droplet in Digital Ocean parlance), it runs fine ... until I ramp up high enough to get Java memory problems in JMeter.  If I run JMeter on a VPS beside the target, I get the same errors as I get from my PC.

So it has something to do with some networking ... something.  I opened a ticket with Digital Ocean and they say it's not an intermediate device they have that is causing this.

So, what that commonly installs with CentOS would be shutting this off?  I've tried running with IPTables stopped and that hasn't changed anything.  

Thanks!
Daniel Wilson
Gary Commented:
Is IPTables running or a firewall?
What are you connecting to?
 
Daniel Wilson (Author) Commented:
I tried turning IPTables off and got the same result.  I'm pretty sure that's the only firewall on the VPS/droplet. I'm connecting to a NodeJS application.
 
NickUpson Commented:
Depending upon what you are running to make the connection, it could be xinetd, the configuration of which can define the number of permitted connections for each client/server protocol.
 
Gary Commented:
There is nothing else in CentOS that would be limiting the connections. Is it possible to test from multiple IPs at the same time to see if it is a limit on an IP or a blanket limit?
Could be as Nick says as well...
 
Daniel Wilson (Author) Commented:
No, xinetd does not appear to be running.  Here's the list of processes.

[dwil@YBDev2 ~]$ ps -A
  PID TTY          TIME CMD
    1 ?        00:00:00 init
    2 ?        00:00:00 kthreadd
    3 ?        00:00:00 migration/0
    4 ?        00:00:00 ksoftirqd/0
    5 ?        00:00:00 migration/0
    6 ?        00:00:00 watchdog/0
    7 ?        00:00:00 events/0
    8 ?        00:00:00 cgroup
    9 ?        00:00:00 khelper
   10 ?        00:00:00 netns
   11 ?        00:00:00 async/mgr
   12 ?        00:00:00 pm
   13 ?        00:00:00 sync_supers
   14 ?        00:00:00 bdi-default
   15 ?        00:00:00 kintegrityd/0
   16 ?        00:00:00 kblockd/0
   17 ?        00:00:00 kacpid
   18 ?        00:00:00 kacpi_notify
   19 ?        00:00:00 kacpi_hotplug
   20 ?        00:00:00 ata_aux
   21 ?        00:00:00 ata_sff/0
   22 ?        00:00:00 ksuspend_usbd
   23 ?        00:00:00 khubd
   24 ?        00:00:00 kseriod
   25 ?        00:00:00 md/0
   26 ?        00:00:00 md_misc/0
   27 ?        00:00:00 linkwatch
   28 ?        00:00:00 khungtaskd
   29 ?        00:00:00 kswapd0
   30 ?        00:00:00 ksmd
   31 ?        00:00:00 aio/0
   32 ?        00:00:00 crypto/0
   37 ?        00:00:00 kthrotld/0
   39 ?        00:00:00 kpsmoused
   40 ?        00:00:00 usbhid_resumer
   74 ?        00:00:00 kstriped
  128 ?        00:00:00 scsi_eh_0
  129 ?        00:00:00 scsi_eh_1
  237 ?        00:00:00 virtio-blk
  249 ?        00:00:00 jbd2/vda-8
  250 ?        00:00:00 ext4-dio-unwrit
  324 ?        00:00:00 udevd
  357 ?        00:00:00 virtio-net
  601 ?        00:00:00 udevd
  656 ?        00:00:00 kauditd
  712 ?        00:00:00 flush-252:0
  873 ?        00:00:00 auditd
  889 ?        00:00:00 rsyslogd
  911 ?        00:00:00 redis-server
  949 ?        00:00:00 sshd
 1025 ?        00:00:00 master
 1034 ?        00:00:00 pickup
 1035 ?        00:00:00 qmgr
 1041 ?        00:00:05 mongod
 1059 ?        00:00:00 crond
 1077 ?        00:00:00 miniserv.pl
 1087 tty1     00:00:00 mingetty
 1089 tty2     00:00:00 mingetty
 1091 tty3     00:00:00 mingetty
 1093 tty4     00:00:00 mingetty
 1095 tty5     00:00:00 mingetty
 1097 tty6     00:00:00 mingetty
 1229 ?        00:00:00 sshd
 1231 ?        00:00:00 sshd
 1232 pts/0    00:00:00 bash
 1251 pts/0    00:00:00 ps

 
NickUpson Commented:
What are you using for the connections? httpd, for example, can also limit the number of connections.
 
Daniel Wilson (Author) Commented:
I'm connecting directly to the Node service.  There is no proxy in between.

I can successfully run 200 virtual users from 2 different servers simultaneously.  I'll ramp it up a little higher and see what I get.
 
Daniel Wilson (Author) Commented:
300 virtual users over 100 seconds, from each of 3 machines, was also OK.  500 from each caused whatever's shutting it down to kick in.
 
NickUpson Commented:
Have you checked the configuration files / documentation for the Node service to see if it has a limit by default?
 
Daniel Wilson (Author) Commented:
Node does have a limit, but changing that limit has no effect.  So the node expert says it's something on the server other than Node.  Or ... something by Digital Ocean.  But Digital Ocean says it isn't them. :(
 
Daniel Wilson (Author) Commented:
It really appears to be something that Digital Ocean is running.  Thanks for the suggestions, but I was unable to resolve this at DO.
 
Daniel Wilson (Author) Commented:
No real resolution, but effort is very much appreciated.