Apache Geode CHANGELOG

Disable TCP SYN Cookies

Most default Linux installations enable SYN cookies to protect the system against attacks (such as DDoS) that flood it with TCP SYN packets.

This feature is not compatible with stable and busy Geode clusters. SYN cookie protection is incorrectly activated by normal Geode traffic, which severely limits bandwidth and new connection rates and breaks SLAs. Security implementations should instead seek to prevent DDoS-type attacks by placing Geode server clusters behind advanced firewall protection.

To disable SYN cookies permanently:

  1. Edit the /etc/sysctl.conf file to include the following line:

    net.ipv4.tcp_syncookies = 0

    Setting this value to zero disables SYN cookies.

  2. Reload sysctl.conf:

    sysctl -p
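
The two steps above as an idempotent script with a verification step. This is an added example, not part of the Geode documentation; the function names are hypothetical, and the script assumes the usual `key = value` layout of sysctl.conf, where the last assignment of a key wins.

```shell
#!/bin/sh
# Added example (not from the Geode docs): apply and verify the setting above.
KEY='net.ipv4.tcp_syncookies'

# Print the value FILE assigns to KEY (last assignment wins), or nothing
# if the key is absent. Comment lines starting with # or ; are ignored.
configured_syncookies() {
    awk -F= -v key="$KEY" '
        /^[ \t]*[#;]/ { next }
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = $2; gsub(/[ \t]/, "", v); val = v }
        END { if (val != "") print val }' "$1"
}

# Rewrite FILE so it holds exactly one active "KEY = 0" line. Earlier active
# assignments of KEY are dropped so none can override it; other lines are kept.
disable_syncookies_in() {
    file=$1
    tmp=$(mktemp) || return 1
    awk -F= -v key="$KEY" '
        /^[ \t]*[#;]/ { print; next }
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { next }
        { print }' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s = 0\n' "$KEY" >> "$tmp"
    cat "$tmp" > "$file" && rm -f "$tmp"   # cat keeps owner and mode of FILE
}

# Print the value the running kernel uses (procfs path is the default).
runtime_syncookies() {
    cat "${1:-/proc/sys/net/ipv4/tcp_syncookies}"
}

# Usage on a real host, as root:
#   disable_syncookies_in /etc/sysctl.conf && sysctl -p
#   [ "$(runtime_syncookies)" = 0 ] && echo "SYN cookies disabled"
```

`sysctl -p` with no argument loads only /etc/sysctl.conf, so also check files under /etc/sysctl.d for the same key if the value reverts after a reboot.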