C10M – Defending the Internet At Scale presented at Shmoocon 2013

by Robert Graham

Tags: Security

Summary: A decade ago, engineers tackled the “c10k” scalability problems that prevented servers from handling more than 10,000 concurrent connections. This problem was solved by fixing OS kernels and moving from threaded servers like Apache to event-driven servers like Nginx/NodeJS. This talk is about the next level in scalability: systems that handle 10 MILLION concurrent connections. Such systems already exist, though instead of being called “servers” they are called “devices”, like firewalls, IPS, DPI, load balancers, carrier NAT, etc. It’s not hardware that makes these systems scale, but software. Indeed, many of these scalable “devices” are simply x86 servers with a different logo on the front panel. This talk broadly covers the major areas of making a scalable system from a standard x86 desktop, discussing asynchronous event-driven design, custom stacks, multi-core programming, low-level optimizations, and security.