[vpsFree.cz: community-list] Improvement proposal

Stanislav Petr glux at glux.org
Mon Dec 15 13:37:47 CET 2014


Hi,

during the current outage of node5.prg I noticed that a routing loop occurred:

  7  78.102.13.33.static.b2b.upcbusiness.cz (78.102.13.33)  18.345 ms  15.667 ms  11.257 ms
  8  cz-prg01a-ra4-vla2119.net.upc.cz (84.116.221.78)  9.942 ms  10.872 ms  10.674 ms
  9  213.46.172.222 (213.46.172.222)  12.096 ms 213.46.180.18 (213.46.180.18)  11.938 ms 213.46.172.229 (213.46.172.229)  12.523 ms
 10  cz-prg-asbr1-te0-0-0-5.dialtelecom.cz (82.119.252.105)  12.487 ms  14.653 ms  14.992 ms
 11  master-gw.dialtelecom.cz (212.24.145.50)  14.333 ms  14.180 ms  14.004 ms
 12  praha-4d-c1-vl260.masterinter.net (81.31.39.82)  23.238 ms  55.936 ms  62.881 ms
 13  praha-4d-c1-vl128-vpsfree.masterinter.net (81.31.40.98)  34.070 ms  34.065 ms  34.029 ms
 14  praha-4d-c1-vl128.masterinter.net (81.31.40.97)  65.664 ms  68.594 ms  48.617 ms
 15  praha-4d-c1-vl128-vpsfree.masterinter.net (81.31.40.98)  11.639 ms  15.290 ms  15.274 ms
 16  praha-4d-c1-vl128.masterinter.net (81.31.40.97)  48.856 ms  48.797 ms  48.378 ms
 17  praha-4d-c1-vl128-vpsfree.masterinter.net (81.31.40.98)  16.499 ms  16.440 ms  24.008 ms
 18  praha-4d-c1-vl128.masterinter.net (81.31.40.97)  42.477 ms  42.921 ms  42.380 ms
 19  * * *
 20  praha-4d-c1-vl128.masterinter.net (81.31.40.97)  40.163 ms  36.560 ms  36.508 ms
 21  * praha-4d-c1-vl128-vpsfree.masterinter.net (81.31.40.98)  13.699 ms  9.331 ms
 22  praha-4d-c1-vl128.masterinter.net (81.31.40.97)  146.441 ms  140.939 ms  129.520 ms
 23  praha-4d-c1-vl128-vpsfree.masterinter.net (81.31.40.98)  15.748 ms  13.014 ms *
 24  praha-4d-c1-vl128.masterinter.net (81.31.40.97)  120.222 ms  120.864 ms  120.865 ms

I therefore assume that the individual servers announce the addresses of
the OpenVZ containers dynamically (probably OSPF). Here, though, I would
like to suggest one change: the vpsfree router should get a route for the
ranges from which the individual VPSes are announced, set as a blackhole
(and, to be safe, with a higher metric), so that the moment the route to a
particular VPS disappears, the router starts dropping the packets instead
of sending them out via the default route. Because if the server went down
as a result of a DDoS attack, the current setup would multiply the
magnitude of the attack even further (remaining TTL/2 * number of packets).

-- 
Stanislav Petr
glux at glux.org
stanislav at petr.email
+420 602 620 026
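
The following is an added example, not part of the original message: a small longest-prefix-match model of the loop in the traceroute and of the proposed blackhole route, counting how often one packet crosses the link in each direction. The router names "edge" and "upstream", the range 192.0.2.0/24, the metrics and the arrival TTL of 50 are constructed assumptions.

```python
import ipaddress
from collections import Counter

VPS_RANGE = "192.0.2.0/24"   # constructed: range the VPS addresses come from
VPS = "192.0.2.10"           # constructed: one VPS on the failed node

def lookup(table, dst):
    """Longest-prefix match; among equal prefixes the lower metric wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p).prefixlen, -metric, hop)
               for p, metric, hop in table
               if addr in ipaddress.ip_network(p)]
    return max(matches)[2] if matches else None

def forward(tables, first_router, dst, ttl):
    """Follow one packet; return (fate, per-direction link crossings)."""
    router, links = first_router, Counter()
    while True:
        hop = lookup(tables[router], dst)
        if hop in (None, "blackhole"):
            return "dropped", links
        ttl -= 1                      # router decrements TTL before forwarding
        if ttl <= 0:
            return "ttl-expired", links
        if hop == "deliver":
            return "delivered", links
        links[(router, hop)] += 1
        router = hop

def build(node_up, blackhole):
    edge = [("0.0.0.0/0", 0, "upstream")]            # default route out
    if node_up:
        edge.append((VPS + "/32", 10, "deliver"))    # dynamically announced host route
    if blackhole:
        edge.append((VPS_RANGE, 250, "blackhole"))   # proposed discard route
    upstream = [(VPS_RANGE, 0, "edge")]              # provider routes the range to edge
    return {"edge": edge, "upstream": upstream}

def simulate(node_up, blackhole, ttl=50):
    """Packet for VPS arrives at the upstream router with the given TTL."""
    return forward(build(node_up, blackhole), "upstream", VPS, ttl)

if __name__ == "__main__":
    for node_up in (True, False):
        for blackhole in (False, True):
            fate, links = simulate(node_up, blackhole)
            print(f"node_up={node_up} blackhole={blackhole}: {fate}, {dict(links)}")
```

With the node down and no blackhole route, the single packet crosses the link 25 times inbound and 24 times outbound before its TTL runs out; with the blackhole route it crosses once and is discarded.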


