Check out the new USENIX Web site. next up previous
Next: Impact of Burst Size Up: Experimental Results Previous: Experimental Results


Efficacy of SYN Policing

In this section we show how TCP SYN policing protects a preferred client against flash crowds or high request rates from other clients. In our setup, one client replays a large e-tailer's trace file representing a preferred customer. For the competing load we use five machines running Webstone, each with 50 clients. All clients request an 8 KB file, which is reasonable since a typical HTTP transfer is between 5 and 13 KB [12].

{\figurename}: {\dimen0=\fontdimen6\the\font
\lineskip=1\dimen0
\advance\lineskip.5\fontdimen...
...iler's client when there was no SYN control and
when SYN control was enforced.}}
\begin{figure}
\begin{center}
\epsfig {file=figures/new_rate_exp.eps, width=0.45\textwidth}\end{center}\end{figure}

Without SYN policing, the e-tailer's client receives a low throughput of about 6 KB/sec. Using policing to lower the acceptance rate of Webstone clients, we expect the throughput for the e-tailer's client to increase. Figure 5 shows that the throughput for e-tailer's client increases from 100 KB/sec to 800 KB/sec as the acceptance rate for Webstone clients is lowered from 300 reqs/sec to 25 reqs/sec. The experiment demonstrates that a preferred client can be successfully protected by rate-controlling connection requests of other greedy clients.

TCP SYN policing works well when client identities and request patterns are known. In general, however, it is difficult to correctly identify a misbehaving group of clients. Moreover, as discussed below, it is hard to predict the rate control parameters that enable service differentiation for preferred clients without under-utilizing the server. For effective overload prevention the policing rate must be dynamically adapted to the resource consumption of accepted requests.


next up previous
Next: Impact of Burst Size Up: Experimental Results Previous: Experimental Results
Renu Tewari
2001-05-01