> I'm worried about the same thing -- and I don't think source-based > token-bucket is justified. Sure, feel free to do so, but a regular > one should work just as well with sufficiently large burst allowance > (e.g., 50-100 packets). > > If someone is DoS'ing you it may actually be a feature that you don't > consider the source .. you can't overload the box by spoofing > different source addresses :-)
Makes sense :) > W.r.t. the other thread, I don't have objections to giving an > implementation hint on the parameters -- it's just that I don't think > it's really needed. If we were to provide such a hint, what would be the suitable values for B and N ?? (allowing up to B back-to-back error messages to be transmitted in a burst, but limiting the average rate of transmission to N messages per second.) Regards Mukesh -------------------------------------------------------------------- IETF IPv6 working group mailing list [EMAIL PROTECTED] Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------