Hello friends,
I have detected an issue on kernels. I have tested this problem with kernels 2.x to 4.9, and the results were the same on every kernel.
If the same source IP, for example 185.99.22.33, starts flooding packets to a victim, let's say victim B,
only one of B's CPU cores handles the issue. The IRQ is not sending traffic to the other cores.
I have also tested this issue on:
Ubuntu 14.x
CentOS 6.x
FreeBSD 7.2 and 10.x
Even Juniper SRX 3600
But as far as I know, MikroTik also uses the kernel. Yet it overcomes the issue even when it is installed on the same server hardware :S
If you have a 24-core CPU (2x E5 2650v3) with DPDK, maybe you decide that you should handle 24x 500.000 pps. In normal conditions,
voila, it works.
But if 2 attackers spoof their IP addresses to one, sending UDP packets from the same spoofed source, 185.99.22.33,
then when it reaches 500.001 pps
the kernel crashes because of a stuck core!
We have overcome the issue with a small script to block packets on the Ethernet card. But I want to know the technical cause and solution.
Why is the IRQ not balancing?
What is different in MikroTik's kernel?
Should we solve this by editing the kernel so that traffic coming from the same source is not handled on the same core?
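
An added example, not part of the original post: one way to confirm the symptom described above on Linux is to diff two snapshots of `/proc/softirqs` and check whether a single core took nearly all of the `NET_RX` work in the interval. The function names, the 0.8 threshold and the sample snapshots are assumptions constructed for illustration.

```python
# Added example: detect one core absorbing nearly all NET_RX softirq work.
# All three snapshots are constructed samples in /proc/softirqs layout.
BEFORE = """\
                CPU0       CPU1       CPU2       CPU3
    NET_TX:       10         12          9         11
    NET_RX:    50000      51000      49500      50500
"""
AFTER_NORMAL = """\
                CPU0       CPU1       CPU2       CPU3
    NET_TX:       20         25         18         22
    NET_RX:    51000      52000      50500      51500
"""
AFTER_FLOOD = """\
                CPU0       CPU1       CPU2       CPU3
    NET_TX:       20         25         18         22
    NET_RX:    50400      51300     549500      50900
"""

def parse_softirqs(text, row="NET_RX"):
    """Return {cpu_name: counter} for one row of /proc/softirqs text."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    cpus = lines[0].split()                      # header: CPU0 CPU1 ...
    for ln in lines[1:]:
        name, _, rest = ln.partition(":")
        if name.strip() == row:
            counts = [int(x) for x in rest.split()]
            if len(counts) != len(cpus):
                raise ValueError("column count does not match CPU header")
            return dict(zip(cpus, counts))
    raise KeyError(row)

def net_rx_skew(before, after, threshold=0.8):
    """Diff two snapshots; report the busiest CPU and its share of new work."""
    b, a = parse_softirqs(before), parse_softirqs(after)
    # A CPU that came online between snapshots has no earlier counter.
    delta = {cpu: a[cpu] - b.get(cpu, 0) for cpu in a}
    total = sum(delta.values())
    if total <= 0:
        return None                              # no receive activity at all
    hot = max(delta, key=delta.get)
    share = delta[hot] / total
    return {"cpu": hot, "share": round(share, 3), "skewed": share >= threshold}

if __name__ == "__main__":
    print("normal:", net_rx_skew(BEFORE, AFTER_NORMAL))
    print("flood: ", net_rx_skew(BEFORE, AFTER_FLOOD))
```

On a live host, the two inputs would be the contents of `/proc/softirqs` read a few seconds apart.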