Originally Published: Monday, 22 January 2001 Author: Justin Bajko & David Friedman
Published to: featured_articles/Featured Articles Page: 1/1 - [Std View]

Pushing the Limits of IRC

This week, Justin Bajko and David Friedman explain why Linux may be finding its way into new server rooms, and how this could affect not only all IRC users, but all Linux users.

IRC which stands for Internet Relay Chat, is a protocol used so people across the Internet can chat in real time. If you want more information on IRC basics, check out Tom Dominico's small tutorial.

When I first began to IRC in early 1993, I wasn't concerned with what platform was used to run the IRC servers. In fact, at that point, I didn't even know UNIX or Linux existed. I just wanted to meet other people on this "Internet" thing.

After some time, I was drawn in to wanting to know more about how IRC worked. I began by asking simple questions. I learned about UNIX and one variant which I've come to know and love, Linux. When talking to various IRC administrators, the basic idea I got from them was that UNIX (specifically the FreeBSD distribution) was the only platform that one could feasibly run an IRC server from. Some of the reasons that I was given were that the scalability that FreeBSD had at the time was far superior than that of Linux. I had no qualms with what I was hearing, because I hadn't yet explored UNIX or Linux.

In 1997, I began to use Linux. It arrived in a box at the software store I worked, and I looked it over. I liked what I saw, so I decided to do more research. I crawled around the Web looking for more information on this operating system that was seemingly trying to become mainstream. After doing a bit of research, I decided to give Linux a whirl. I installed it, and was immediately thrilled. It was stable. Not everything crashed; I was shocked. Since that day, I've become a Linux advocate. I encourage all my friends to at least use my Linux computer to get a taste of it. I also encourage every person with an interest in computers to give Linux a chance.

My only problem is, to this day, I still can't get the IRC administrators to recognize Linux as a feasible operating system on which to run an IRC server. I am told that Linux can't properly handle the memory spikes that an IRC server might give off. I get told that it breaks down when a server gets a large influx of new clients. I get told that Linux won't make it as a platform for IRC servers.

Enter David "driz" Friedman. David is a volunteer here at Linux.com, and he also runs one of the largest IRC servers on DALnet, which is also the largest IRC network around. David also runs Linux on his IRC server. David is the admin of the server twisted.ma.us.dal.net, and at its peak, it has carried 38,435 clients. As far as my research has shown, I believe this is the heaviest client count that an IRC server has held to date on any network or on any operating system. So what does it take to power a machine that serves so many people at the same time? The twisted.ma.us.dal.net (henceforth known as "twisted") server is powered by an AMD Thunderbird 900MHz processor running along side of 512 megabytes of RAM.

Karthik Arumugham, asst. admin of twisted and network engineer at Global NAPs, where twisted is hosted says, "why do we run Linux on twisted? The network stack in the 2.4 kernel handles massive amounts of client connections better than anything we have tried. 38000+ users on a $500 box is pretty impressive to me! Also, its handling of denial of service attacks has shown itself to be better than other operating systems. Although most attacks are filtered on our own routers, or at our upstream providers' routers, there are many types of attacks which can't be filtered by a router, and must be handled by the system itself. It's still quite possible for a determined attacker to disable the machine, but Linux makes it much harder."

One of the most common forms of DoS that attackers use is SYN flooding. During a SYN flood, a target machine is flooded with TCP connection requests. The address and ports that the SYN floods come from are randomized, this way the machine being flooded will always keep information on hand for many connections that never are completed. When this happens, the machine gets too many connections and eventually slows down, hangs, or even crashes.

The twisted IRC server naturally sits behind routers which are responsible for filtering the vast majority of the SYN floods that are attempted on the server, but for those that do sneak past the routers, the new and improved TCP/IP stack in the 2.4.x Linux kernel (which is believed by some to be better than the TCP/IP stack in the current stable release of FreeBSD) is able to handle the SYN floods much more gracefully than it ever has been, using syncookies. Because of Linux, the server is able to remain stable so the 38,000+ users that connect to it have an uninterrupted IRC session.

Another common form of DoS attack that isn't as big of a problem as it used to be is known as the "smurf" attack. The smurf attack actually victimizes two machines: the target machine and the reflector machine. The attacker sends steams of pings (ICMP echo requests) to the broadcast address of the reflector subnet. The addresses that these packets come from are always forged to be the address of the machine being attacked. This has a horrible effect on both machines, because for each packet send by the attacker, lots of hosts on the reflector subnet will respond, thus flooding the target machine and wasting bandwidth for both the target machine and the machines on the reflector subnet. The best way to deal with smurf-type attacks is to filter them on routers that can handle the large volume of bandwidth that they generate, so that the IRC server never even sees the smurf reply packets.

So, where does Linux go from here? As Linux continues to be more popular as both a desktop operating system and an operating system for corporations to use as their main servers, Linux is also opening up the eyes of those who have been opposed to it for so long. As IRC networks and servers continue to grow, more and more IRC administrators are beginning to branch out and try new things, and one of those new things has been to give Linux a test run on their IRC server.

While there are still plenty of admins out there with the mentality that Linux will never be comparable to their "tried and true" FreeBSD, there are also plenty of admins out there helping to change some minds, and this has been the story of probably the most influential IRC server out there. To quote an admin from EFNet, another one of the largest IRC networks around, "twisted is an amazing server... absolutely amazing."

For IRC users this translates to a more enjoyable IRC experience, and for Linux users, it translates to a superior TCP/IP stack which will withstand everything a smaller server or desktop machine can throw at it, making for a more enjoyable Internet experience as well.