Understand Memory Pressure Protection

Q: What is the Windows Memory Pressure Protection (MPP) feature, and how can it help resolve intermittent connection failures?

A: Memory Pressure Protection (MPP) is a Windows feature that was introduced in Windows Server 2003. It was designed to help protect against Distributed Denial of Service (DDoS) attacks. The goal of MPP is to keep the server functional while under attack by ensuring that some resources remain available to the operating system and to some remote clients. The feature works by examining incoming requests; at a certain point, when requests are bursting from many sources at the same time, MPP throttles network and memory utilization by randomly denying some of the connections to the server. When this happens, you see behavior such as the following:

  • Connections denied intermittently to clients
  • Network name no longer available messages to Windows file clients
  • Event logs written to the target server indicating that the server might be under DDoS attack

This protection feature is useful for Internet-facing servers that might experience this type of distributed attack. However, several scenarios exist in which MPP can incorrectly identify and then block valid communications. For example:

  • Large high-performance computing (HPC) or Hadoop clusters in which intra-cluster communications (such as MPI communications or RPC connections) frequently involve many or all compute nodes
  • File servers internally accessed by large numbers of clients with bursting traffic patterns, such as off-cluster file shares used as HPC "working directories"
  • Web (IIS) and SQL Server deployments used by many clients
  • Any other type of service that experiences bursts of connectivity from a distributed client base

In these types of scenarios, in which you see the intermittent problems that I described at the beginning of the article, disabling MPP (which is turned on by default) can help resolve the problem. Use the following command:

netsh int tcp set security mpp=disabled

No reboot is required, and the change takes effect immediately. You can use the same command to reenable MPP by replacing disabled with enabled. Be careful when disabling this feature on Internet-facing servers that are susceptible to DDoS attack.

For information about more granular profiles that are also available as part of the configuration, see the Microsoft Support article "Description of the new Memory Pressure Protection feature for TCP stack."

To verify current MPP status, run the following command:

netsh int tcp show security

Typical output is as follows:

Querying active state...
----------------------------------------------
Memory Pressure Protection : disabled
Profiles : enabled
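
The two commands above can be combined into a guarded change that records the state before and confirms it afterward. This is an added example, not code from the original article or from Microsoft; the function names and the -InternetFacing switch are hypothetical, and it assumes output in the "name : value" layout shown above.

```powershell
# Added example. Function names and the -InternetFacing switch are hypothetical.
function ConvertFrom-NetshTcpSecurity {
    param([string[]]$Lines)
    $settings = @{}
    foreach ($line in $Lines) {
        # Setting lines look like "Memory Pressure Protection : disabled";
        # the banner and the dashed rule contain no colon and are skipped.
        if ($line -match '^\s*(?<name>[^:]+?)\s*:\s*(?<value>\S+)\s*$') {
            $settings[$Matches['name']] = $Matches['value'].ToLower()
        }
    }
    return $settings
}

function Set-MppState {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][ValidateSet('enabled', 'disabled')][string]$State,
        [switch]$InternetFacing   # set by the operator; the script cannot detect exposure
    )
    $key = 'Memory Pressure Protection'
    $before = (ConvertFrom-NetshTcpSecurity (netsh int tcp show security))[$key]
    if (-not $before) { throw "'$key' not found in netsh output; nothing changed." }
    if ($State -eq 'disabled' -and $InternetFacing) {
        throw 'Refusing to disable MPP on a server marked Internet-facing.'
    }
    if ($before -eq $State) { return "MPP already $State; no change." }
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, "set MPP to $State (was $before)")) {
        netsh int tcp set security "mpp=$State" | Out-Null
        # Re-read the live state instead of trusting the exit code.
        $after = (ConvertFrom-NetshTcpSecurity (netsh int tcp show security))[$key]
        if ($after -ne $State) { throw "Change not applied: MPP is still '$after'." }
        return "MPP changed from $before to $State."
    }
}

# Constructed sample: the output shown in the article, parsed offline.
$sample = @(
    'Querying active state...',
    '----------------------------------------------',
    'Memory Pressure Protection : disabled',
    'Profiles : enabled'
)
(ConvertFrom-NetshTcpSecurity $sample)['Memory Pressure Protection']
```

Run `Set-MppState -State disabled -WhatIf` from an elevated prompt first to see the intended change without applying it.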

Thanks to Jim Jernigan of Microsoft Research for walking through this technology with me.
