From: William Dauchy
Subject: [PATCH v4 0/3][xen-netback][toolstack] add a pseudo pps limit to netback
Date: Mon, 5 Aug 2013 17:13:07 +0200
Message-ID: <1375715590-1539-1-git-send-email-william@gandi.net>
To: Ian Campbell
Cc: Ahmed Amamou , Kamel Haddadou , Wei Liu , William Dauchy , xen-devel
List-Id: xen-devel@lists.xenproject.org

VM traffic is already limited by a throughput limit, but there is no
control over the maximum packets per second (PPS).
In a DDOS attack the major issue is PPS rather than throughput.
With providers offering more bandwidth to VMs, it becomes easy to
coordinate a massive attack using VMs. Example: 100Mbits ~ 200kpps using
64B packets.
This patch provides a new option to limit VMs' maximum packets per second
emission rate. It follows the same credits logic used for throughput shaping.
For the moment we have considered each "txreq" as a packet.
The PPS limit is passed to the VIF at connection time via xenstore.
PPS credit uses the same usecond period used by the rate shaping check.

Known limitations:
- by using the same usecond period, PPS shaping depends on throughput
  shaping.
- it is not always true that a "txreq" corresponds to a packet
  (fragmentation cases), but as this shaping is meant to avoid DDOS (small
  packets) such an approximation should not impact the results.
- Some help on burst handling will be appreciated.

v2:
- fix some typo

v3:
- fix some typo
- add toolstack patch

v4:
- fix toolstack memleak

Ahmed Amamou (1):
  xen netback: add a pseudo pps rate limit

 drivers/net/xen-netback/common.h | 2 ++
 drivers/net/xen-netback/interface.c | 1 +
 drivers/net/xen-netback/netback.c | 41 +++++++++++++++++++++++++++++++++++
 drivers/net/xen-netback/xenbus.c | 31 +++++++++++++++++++++-----
 4 files changed, 70 insertions(+), 5 deletions(-)

[toolstack]
This patch will update libxl in order to provide the new pps limit.
The new pps limit can be defined as follows:
YYMb/s&XXKpps@ZZms
or
YYMb/s@ZZms&XXKpps
or
YYMb/s&XXKpps
in which case the default 50ms interval will be used.

Ahmed Amamou (2):
  handle pps limit parameter
  netif documentation

 docs/misc/xl-network-configuration.markdown | 18 +++++--
 tools/libxl/libxl.c | 3 ++
 tools/libxl/libxl_types.idl | 1 +
 tools/libxl/libxlu_vif.c | 70 +++++++++++++++++++++++++--
 xen/include/public/io/netif.h | 27 +++++++++++
 5 files changed, 111 insertions(+), 8 deletions(-)

-- 
1.7.9.5
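
The three rate forms listed under [toolstack], parsed into the per-interval byte and packet credits that the credit logic consumes. This is an added example, not code from the message or from the patch series. The type and function names, the `SANE_MAX` bound, the decimal reading of `Mb` and `K`, and a packet credit of 0 when no pps term is given are assumptions.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical type and function names for this illustration; not libxl's. */
struct vif_credit {
    unsigned long long bytes;    /* throughput credit per interval */
    unsigned long long packets;  /* pps credit per interval (0: no pps term given) */
    unsigned long interval_usecs;
};
#define DEFAULT_INTERVAL_MS 50UL  /* default named in the cover letter */
#define SANE_MAX 1000000UL        /* assumed bound; keeps the products below from overflowing */

/* Read a decimal number followed by the literal unit and advance *s past both. */
static int take(const char **s, const char *unit, unsigned long *v)
{
    char *end;
    if (!isdigit((unsigned char)**s))   /* rejects signs and whitespace strtoul would accept */
        return -1;
    *v = strtoul(*s, &end, 10);
    if (*v > SANE_MAX || strncmp(end, unit, strlen(unit)) != 0)
        return -1;
    *s = end + strlen(unit);
    return 0;
}

/* Accepts YYMb/s&XXKpps@ZZms, YYMb/s@ZZms&XXKpps and YYMb/s&XXKpps.
 * Returns 0 on success, -1 on malformed input. Mb and K are taken as decimal. */
int parse_vif_rate(const char *s, struct vif_credit *out)
{
    unsigned long mbit, kpps = 0, ms = DEFAULT_INTERVAL_MS;
    int have_pps = 0, have_ms = 0;
    if (take(&s, "Mb/s", &mbit))
        return -1;
    while (*s) {
        char sep = *s++;
        if (sep == '&' && !have_pps && take(&s, "Kpps", &kpps) == 0)
            have_pps = 1;
        else if (sep == '@' && !have_ms && take(&s, "ms", &ms) == 0)
            have_ms = 1;
        else
            return -1;
    }
    if (ms == 0)
        return -1;
    out->bytes = (unsigned long long)mbit * 125ULL * ms;  /* 1 Mb/s = 125 bytes per ms */
    out->packets = (unsigned long long)kpps * ms;         /* 1 Kpps = 1 packet per ms */
    out->interval_usecs = ms * 1000UL;
    return 0;
}
```

Because both credits are computed over the same interval, shortening the interval shrinks the packet credit together with the byte credit, which is the coupling named under the known limitations.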