Posts

NIC Ring Buffer Tuning: Packet Drops, Backlog, and Performance Considerations

๐Ÿ“Œ Table of Contents Introduction to NIC Ring Buffer Issues Understanding NIC Ring Buffer Checking Packet Drops Increasing Ring Buffer What Happens After Ring Buffer Network Budget Backlog Queue Introduction to NIC Ring Buffer Issues A company had a server that had been receiving real-time data at 100 Mbps without any major issues. However, when the incoming data rate was increased to 1 Gbps , service instability began to appear. Among several load-balanced servers, a few started falling out of sync and were excluded from the service pool. Since the system was designed with redundancy, the failure of one or two servers didn’t cause a complete outage—the remaining servers could still handle the traffic. Nevertheless, leaving this issue unresolved posed a risk of escalating into a full-scale service disruption. This prompted a detailed investigation. The root cause was identified fairly quickly. The network team had observed packet drop...
Post a Comment
Read more

[Linux] Setting the Account Lockout Threshold with PAM faillock

๐Ÿ“Œ Table of Contents Introduction Environment (Supported Versions) Backup Prerequisites Method 1: Using authselect Faillock Configuration Testing the Lockout Method 2: Manual PAM Edits Priority: faillock.conf vs PAM Files Conclusion & Tips Introduction When addressing Linux system security vulnerabilities, one essential safeguard is implementing account lockout after a certain number of failed login attempts. The pam_faillock.so module is designed for this purpose—allowing administrators to lock a user account once login failures exceed a defined deny threshold. This module functions similarly to the older pam_tally2 but provides enhanced flexibility. Locking accounts effectively protects against brute-force attacks and unauthorized access attempts.
Post a Comment
Read more