Blocklist mem-cache just got even better!

Just a few days ago we shared exciting news about the TTL-aware memory cache we implemented in front of our Blocklist, which cut by up to 90% the need to query the DB to check whether a client IP is already blocklisted.

Well, we worked hard over the weekend, and we tuned the mem-cache algorithm to achieve even better performance. Let the numbers speak for themselves:

  "rejectedConns" : 883,
  "addedToBl" : 4,
  "hitsOnBl" : 857,
  "hitsOnBlCache" : 855

That’s a 99.76% effectiveness rate. On to the next task now…

Testing the blocklist cache

Every Syncplify Server! operator is familiar with Syncplify’s Protector™ technology, which prevents attacks and hacking attempts, and automatically puts the attacker’s IP address in the blocklist (formerly known as “blacklist”).

But in every Syncplify Server! version prior to v6, checking whether an incoming request came from a blocked IP address required a query to the database, which can take a millisecond or two. In v6, though, we have implemented an in-memory cache with automatic TTL, which reduces the number of such DB queries by up to 90% and cuts the lookup time from milliseconds to just a few microseconds (yes, it’s up to 1,000 times faster than querying the DB).

Here’s a blocklist usage and cache-hit report for the past 2 days of operation of our honeypot:

     "rejectedConns": 2331,
     "addedToBl": 2262,
     "hitsOnBl": 2250,
     "hitsOnBlCache": 1985

Out of 2250 blocklist hits, 1985 (88.22%) were gracefully handled by the in-memory cache.
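
The idea described above, as an added example (not Syncplify's code): a TTL cache placed in front of the blocklist lookup that keeps the two hit counters shown in the reports. The `lookup` callback, the `dbQueries` counter, the choice to cache only positive answers, and the sample IPs and timestamps are assumptions made for illustration.

```python
import threading
import time


class BlocklistCache:
    """TTL cache in front of a slower blocklist store (hypothetical design).

    lookup(ip) stands in for the DB query: it returns the ban's expiry as a
    Unix timestamp, or None when the IP is not blocklisted.
    """

    def __init__(self, lookup, ttl, clock=time.time):
        self._lookup, self._ttl, self._clock = lookup, ttl, clock
        self._lock = threading.Lock()
        self._entries = {}  # ip -> time at which the cached answer expires
        self.stats = {"hitsOnBl": 0, "hitsOnBlCache": 0, "dbQueries": 0}

    def is_blocked(self, ip):
        with self._lock:
            now = self._clock()
            if self._entries.get(ip, 0) > now:
                self.stats["hitsOnBl"] += 1
                self.stats["hitsOnBlCache"] += 1
                return True
            self._entries.pop(ip, None)  # absent or expired: ask the store
            self.stats["dbQueries"] += 1
            banned_until = self._lookup(ip)
            if banned_until is None or banned_until <= now:
                return False  # misses are not cached: a new ban applies at once
            # Cap the cached TTL at the ban's expiry so memory never outlives the DB.
            self._entries[ip] = min(now + self._ttl, banned_until)
            self.stats["hitsOnBl"] += 1
            return True


def simulate():
    """Constructed traffic: one banned and one clean IP (documentation ranges)."""
    bad, good = "203.0.113.7", "198.51.100.9"  # constructed sample IPs
    t = [1000.0]  # fake clock, so the run is deterministic
    cache = BlocklistCache({bad: 1300.0}.get, ttl=60, clock=lambda: t[0])
    verdicts = []
    for step, ip in [(0, bad), (10, bad), (10, good), (70, bad),
                     (180, bad), (20, bad), (20, bad)]:
        t[0] += step
        verdicts.append(cache.is_blocked(ip))
    return verdicts, cache.stats


if __name__ == "__main__":
    print(simulate())
```

With this design, an IP that an operator removes from the blocklist is still rejected until its cached entry expires, unless the removal path also evicts it from the cache.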