No worries; I also had a mistake in my earlier messages when I failed to
mention the active queue management for last-hop routers in front of slow links
recommended by the RFC 3150 BCP. (I don't know if the recommendation
extends to the case of the slow link occurring somewhere in the *middle*
of the network, however.) Active queue management (i.e., RED) deals with
bursts much better than the de facto tail-drop, which would seem to fit well
with our current leaning toward the token bucket rate-limiting scheme.
Fred
[EMAIL PROTECTED] wrote:
Oops !! stupid mistake of mine :)

The number of packets from A to B will be limited by the thin link and thus
B won't have to send ICMP back at a higher rate.

Regards
Mukesh

-----Original Message-----
From: Gupta Mukesh (Nokia-NET/MtView)
Sent: Wednesday, January 07, 2004 4:19 PM
To: 'ext Fred Templin'
Cc: [EMAIL PROTECTED]
Subject: RE: draft-ietf-ipngwg-icmp-v3-02.txt: Rate Limiting Methods

Fred,

Rethinking about the following example of yours. Do we need to consider
the asymmetric paths between A and B ? I guess, the problem can be seen
with even symmetric path. Let's say the network is like

A <--- 1gig ---> C <--- 56 kbps --> D <--- 1 gig ---> B

Now A starts sending some packets and B generates ICMPv6 error
messages. If B is using bandwidth-based function for limiting the rate,
it would calculate the percentage using 1 gig link's bandwidth and will
overload the thin link between C & D.

Am I missing something ?

Regards
Mukesh

-----Original Message-----
From: ext Fred Templin [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 07, 2004 5:32 AM
To: Margaret Wasserman; Gupta Mukesh (Nokia-NET/MtView)
Cc: [EMAIL PROTECTED]
Subject: Re: draft-ietf-ipngwg-icmp-v3-02.txt: Rate Limiting Methods

Margaret,

On further consideration, I think the bandwidth-based method might actually
be dangerous in some situations. Suppose there were asymmetric paths
between nodes A and B; the path A->B consisting of all 1Gbps links and
the path B->A consisting of at least one long, thin link (56Kb modem, 3GPP
wireless, etc.) Even if B is able to authenticate the source addresses in
packets it receives from A, if the bandwidth-based method is used based
on a percentage of the bandwidth of B's outgoing 1Gbps interface the queue
on a router at the head of a long thin link on the path B->A will overflow. In
other words, B might cause harmful denial-of-service if it blindly uses a
bandwidth-based estimate, since it has no way of knowing whether long,
thin links will occur on the return path.

As to timer-based, I think Mukesh has already given a good reason as to
why it is suboptimal; I think an argument could also be constructed that
shows it to cause interoperability problems in some cases. So, I find
myself in the rare position of agreeing with Pekka on this subject.

Fred
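
Added example, not part of the thread and not code from the draft or its authors: a small simulation of the scenario discussed above, where B's ICMPv6 errors cross a 56 kbps link with a tail-drop queue. The bandwidth-based method is modelled as the same limiter with its rate taken as a percentage of B's 1 Gbps interface; the message size, queue depth, trigger rate, 2% figure and token bucket parameters are all assumptions.

```python
# Added illustration: every rate, size and queue depth below is a constructed value.
ICMP_BITS = 1280 * 8            # assumed size of one ICMPv6 error message
FAST_BPS = 1_000_000_000        # B's outgoing 1 Gbps interface
THIN_BPS = 56_000               # the 56 kbps link between C and D
QUEUE_PKTS = 20                 # assumed tail-drop queue depth at the thin link
US = 1_000_000                  # integer microseconds avoid float drift


class TokenBucket:
    """Allow `rate` messages/second on average, up to `burst` back to back."""

    def __init__(self, rate, burst):
        self.rate, self.cap = rate, burst * US
        self.tokens, self.last = self.cap, 0   # tokens in millionths of a message

    def allow(self, now_us):
        self.tokens = min(self.cap, self.tokens + (now_us - self.last) * self.rate)
        self.last = now_us
        if self.tokens < US:
            return False
        self.tokens -= US
        return True


def simulate(limiter, trigger_pps=1000, seconds=10):
    """Return (sent, dropped): errors B emits, and those lost at the thin link."""
    pkt, cap = ICMP_BITS * US, QUEUE_PKTS * ICMP_BITS * US   # micro-bits
    backlog = sent = dropped = last = 0
    for i in range(trigger_pps * seconds):
        now = i * US // trigger_pps
        backlog = max(0, backlog - (now - last) * THIN_BPS)  # link drains queue
        last = now
        if not limiter.allow(now):
            continue
        sent += 1
        if backlog + pkt <= cap:
            backlog += pkt
        else:
            dropped += 1                                      # tail drop
    return sent, dropped


def bandwidth_based(percent=2):
    # Rate derived only from the local interface speed, as in the thread's scenario.
    return TokenBucket(rate=percent * FAST_BPS // (100 * ICMP_BITS), burst=1)


def fixed_token_bucket():
    # Assumed parameters: 5 messages/s average, burst of 10.
    return TokenBucket(rate=5, burst=10)
```

Calling `simulate(bandwidth_based())` and `simulate(fixed_token_bucket())` returns the number of errors B sent and the number dropped at the thin link for each limiter.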