On Sep 18, 2006, at 1:29 PM, Ron Bonica wrote:
During periods of normal operation, the network will forward all packets without regard to source address validation status. However, during periods of congestion cause by malicious attacks, the network will grant preferential treatment to packets, depending upon the degree of trust that the network has in the source address.
I should think that the policy would not be changed under load. During non-congestive periods, I wouldn't expect to see any difference between traffic in the higher and lower priority queues; they would normally be empty when a packet arrived, and it would go out without delay. And if the classification can be done at line rate under load, doing the same classification when not under load won't hurt you.
So this simplifies to Sally Floyd's proposal of a few years back - traffic that is deemed "probably good" runs in a higher priority queue than traffic that is deemed "probably not so good", and under stress the latter class takes the brunt of losses. The same can be done with rate based queues (WFQ/WRR) by giving one queue 90% of the bandwidth and one taking the dregs.
I should think that addressing policy is also but one aspect of this. More generally, traffic that you are pretty sure is high value runs at high priority, and low value traffic runs at low priority.
_______________________________________________ Int-area mailing list [email protected] https://www1.ietf.org/mailman/listinfo/int-area
