Friday, August 19, 2011

New sshttp available

I uploaded a new sshttp tarball to fix potential slowdown
for a special usage pattern where thousands of clients
without sending data upon connect would slow down
other users connections.





Friday, August 5, 2011

refactored IPv6 load balancing software

In 2003 I attended a class at University about IPv6.
Students have had to choose a topic to work about and I
chose to write a load balancing software for IPv6
utilizing the netfilter QUEUE target. It was one of the first
available load balancers for IPv6 ever, long before the
LVS project implemented IPv6.


It has since then been shown on a lot of conferences and follow-up
classes.


Since the old code was not the most performing one (even though
bandwidth and latency tests showed acceptable results) and
the underlying netfilter changes made it useless on new
Linux systems, I re-wrote it. It is now better performing,
is able to use multiple cores/SMP and runs as user.
Additionally the failover code for IPv4 has been improved
(it is able to balance IPv4 traffic too).


You can argue that, since it runs in userspace, it will
always perform badly. However if you have a site for testing
with enough traffic, I'd like to see results.


If I'd be a professor at University, I would just let one
of my students write a thesis about its performance and let
him do some measuring, but I am not. :)
My performance test on a 100MBit link showed no real impact
on either throughput or latency. GBit performance measuring
has to be done. Anyone?


The code with a guiding README can be found here.


In any case it sharpened my skills about IPv6 and its sisters
and that alone was really worth re-mangling the code.
Great tools are about to be born (Hi Marc:)



pwnies 2011

As you might know or not, me and Marius have been nominated for the pwnie awards 2011 in the category best server side bug.
The CVE-2011-0997 DHCP bug was really funny and easy to exploit and often found in enterprise and campus network setups.
Unfortunally we didnt win, and to my surprise even taviso didnt win this time.
So I am likely the only one who has just one pwnie while all
the real good guys have at least two!


Nevertheless, congrats to the winners. In particular I like
pipacs' Lifetime Achievement award and $0ny's mastering in failure.
They both really deserve it.