IPv4: Hash-based multipath routing. When the routing cache was removed in 3.6, the IPv4 multipath algorithm changed from more or less being destination-based into being quasi-random per-packet scheduling. This increased the risk of out-of-order packets and made it impossible to use multipath together with anycast services. In this release, the multipath routing implementation is replaced with a flow-based load balancing based on a hash over the source and destination addresses.
That is a pretty big gap in between.
So what is the situation for every kernel between 3.6 and 4.4? Is there any way to guarantee that connections from the same source IP always go out through the same route?
Cache is Exploitable
* This is true regardless of hash quality.
* Attacker can simply cycle through all values of all keys
* Each new packet sent modifies the lookup key in some way
* Each new packet creates a new routing cache entry
* Triggers garbage collection when size limit is reached
* Cache is no longer a cache, since every lookup misses
* This is more expensive than having no cache at all.
Cache in Non-hostile Environment
* Even with “well behaved” traffic, cache is undesirable
* Google sees hit rates on the order of only 10 percent
* On simpler systems, cache is effective
* But still exposed to key cycling denial of service
* The cache has to be removed
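The slides above argue that a route cache keyed on per-packet lookup fields stops being a cache once the key set no longer fits. The following simulation is an added illustration of that argument, not code from the thread or from the kernel: it replays constructed key streams through a toy bounded LRU cache (an assumed model of "insert on miss, garbage-collect the oldest entry when full") and reports the hit rate, showing that locality-rich traffic hits almost always, that a stream of never-repeating keys hits never, and that mixing the two evicts the well-behaved flows as well.

```python
from collections import OrderedDict


class LRURouteCache:
    """Toy route cache: a bounded LRU keyed on the lookup key.

    It models only the property the slides rely on: every miss inserts
    an entry, and once the size limit is reached each insert evicts the
    least recently used one (the garbage collection step).
    """

    def __init__(self, capacity):
        self.capacity = capacity
        self.entries = OrderedDict()
        self.hits = 0
        self.misses = 0
        self.evictions = 0

    def lookup(self, key):
        """Return True on a hit; on a miss insert the key, evicting if full."""
        if key in self.entries:
            self.entries.move_to_end(key)
            self.hits += 1
            return True
        self.misses += 1
        if len(self.entries) >= self.capacity:
            self.entries.popitem(last=False)
            self.evictions += 1
        self.entries[key] = True
        return False

    def hit_rate(self):
        total = self.hits + self.misses
        return self.hits / total if total else 0.0


def simulate(keys, capacity):
    """Replay a stream of lookup keys; report lookups, hit rate and evictions."""
    cache = LRURouteCache(capacity)
    for key in keys:
        cache.lookup(key)
    return {"lookups": cache.hits + cache.misses,
            "hit_rate": cache.hit_rate(),
            "evictions": cache.evictions}


# Constructed traffic patterns (sample data for this example, not measurements).
CAPACITY = 100

# 20 long-lived flows, 50 packets each, round-robin: the key set fits the
# cache, so after the first 20 misses every lookup hits.
WELL_BEHAVED = [f"flow-{i % 20}" for i in range(1000)]

# Every packet carries a key never seen before (a different address or TOS
# value each time): nothing is ever found, and every miss costs an insert.
FRESH_KEYS = [f"fresh-{i}" for i in range(1000)]

# The 20 legitimate flows sharing the box with a fresh-key stream: between
# two packets of the same flow more than CAPACITY new entries are inserted,
# so the legitimate flows are evicted too and lose their hits.
MIXED = []
for i in range(1000):
    MIXED.append(f"flow-{i % 20}")
    MIXED.extend(f"fresh-{i}-{j}" for j in range(10))


if __name__ == "__main__":
    for name, keys in (("well-behaved", WELL_BEHAVED),
                       ("fresh keys", FRESH_KEYS),
                       ("mixed", MIXED)):
        print(f"{name:13s}", simulate(keys, CAPACITY))
```

The mixed run is the point of the "has to be removed" bullet: the cache does not merely fail to help the fresh-key stream, it also loses every hit the well-behaved flows would otherwise have had, so the whole system pays the insert-and-evict cost on top of a full lookup for each packet.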
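The quoted release note describes the 4.4 change as a hash over the source and destination addresses selecting the next hop. The example below is added here to show that property concretely; it is not the kernel's code or anything posted in the thread. The next hops, the sample addresses and the use of a keyed BLAKE2b hash are assumptions chosen for the illustration; the contrast function models the quasi-random per-packet choice the note attributes to 3.6 through 4.3.

```python
import hashlib
import ipaddress
import os
import random

# Constructed next hops for this example (assumed, not from the thread).
NEXTHOPS = ["192.0.2.1", "192.0.2.2", "192.0.2.3"]

# Per-process random key for the hash: an assumption standing in for seeding
# the flow hash so that the path choice is not predictable from addresses alone.
HASH_KEY = os.urandom(16)


def flow_key(src, dst):
    """Pack source and destination IPv4 addresses into the hash input."""
    return ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed


def select_nexthop_by_flow(src, dst, nexthops=NEXTHOPS, key=HASH_KEY):
    """Flow-based choice: a keyed hash over (src, dst) picks the next hop,
    so every packet of the same address pair leaves on the same path."""
    digest = hashlib.blake2b(flow_key(src, dst), key=key, digest_size=8).digest()
    return nexthops[int.from_bytes(digest, "big") % len(nexthops)]


def make_per_packet_selector(seed=None, nexthops=NEXTHOPS):
    """Quasi-random per-packet choice, modelling the 3.6 to 4.3 behaviour;
    the (src, dst) arguments are ignored on purpose."""
    rng = random.Random(seed)

    def select(src, dst):
        return rng.choice(nexthops)

    return select


def paths_per_flow(packets, selector):
    """Route each (src, dst) packet and count distinct next hops per address pair."""
    seen = {}
    for src, dst in packets:
        seen.setdefault((src, dst), set()).add(selector(src, dst))
    return {flow: len(hops) for flow, hops in seen.items()}


# Constructed sample traffic: two address pairs, 50 packets each, interleaved.
FLOWS = [("10.0.0.5", "198.51.100.7"), ("10.0.0.9", "198.51.100.7")]
SAMPLE_PACKETS = [flow for _ in range(50) for flow in FLOWS]

if __name__ == "__main__":
    print("flow-based :", paths_per_flow(SAMPLE_PACKETS, select_nexthop_by_flow))
    print("per-packet :", paths_per_flow(SAMPLE_PACKETS, make_per_packet_selector(1)))
```

With the flow-based selector each address pair maps to exactly one next hop, which is what keeps packets of one connection in order and keeps an anycast client pinned to one backend; with the per-packet selector the same 50 packets are spread across several next hops. Note that hashing only the addresses, as the quoted text describes, fixes the path per (source, destination) pair regardless of port, but the same source IP talking to a different destination may still take a different path.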
Author: nswcfd Time: 2017-06-26 11:03
Goal: less than 10 percent cost increase for real operations