[ratelimits] FYI-- a story about rate limit deployment
Mark Boolootian
booloo at ucsc.edu
Thu Jan 24 20:09:55 UTC 2013
Attached is a graph showing the success of deploying RRL here. Our
authoritative name servers are generally very lightly loaded,
typically seeing no more than 50 packets/second. On January 5th, we
began seeing reflection attacks targeting a variety of destinations,
with pps rates jumping to 5K+, where they have remained. We installed
the RRL patches on January 8th, configured thusly:
rate-limit {
responses-per-second 5;
window 5;
};
The benefit was immediate and significant. In the attached graph,
blue is traffic outbound from the authoritative name servers, green
inbound.
mark
-------------- next part --------------
A non-text attachment was scrubbed...
Name: DNS-RRL.png
Type: image/png
Size: 21480 bytes
Desc: not available
URL: <http://lists.redbarn.org/pipermail/ratelimits/attachments/20130124/ac1071c4/attachment-0001.png>
More information about the ratelimits
mailing list