On Fri, Jul 8, 2016 at 6:14 PM, Eric Dumazet <eric.duma...@gmail.com> wrote:
> On Fri, 2016-07-08 at 15:51 +0200, Toralf Förster wrote:
>> I do run a 4.6.3 hardened Gentoo kernel at a commodity i7 server. A
>> DDoS with about 300 MBit/sec over 5 mins resulted in an issue for ipv6 at
>> that system.
>>
>> The IPv6 monitoring from my ISP told me that the to be monitored
>> services (80, 443, 52222) weren't reachable any longer at ipv6 (at
>> ipv4 there was no issue). Restarting the NIC brought back green lights
>> for the services at the ipv6 ports too.
>
> Hard to tell without knowing DDOS details, but IPv6 lacks some
> scalability improvements found in IPv4.
>
> IPv4 no longer has a routing cache, but IPv6 still has one.
>

Any pointers as to which part of the kernel to look for to implement one for IPv6 ?

> Are you sure conntrack is needed at all ?