Thanks much, Brian - comments inline:
On Aug 27, 2007, at 11:44 AM, [EMAIL PROTECTED] wrote:
Suppose you have 4 providers, where A and B are in the US and C and D
are in Japan (the B -- C link is the US-JP link).
A - B - - C - D
Assume A and D are interested in supporting source routing, but B and
C are not. Further assume that, due to A and D's support for source
routing, they are susceptible to the kind of oscillation DOS attack
we have been discussing. The B - - C link is managed / protected by
B and C - that is, they have ultimate control over what traffic
transits this US - JP link.
In the event of an oscillation DOS attack between A and D, do B and C
care that the traffic they are transiting is DOS traffic vs. other
traffic? In other words, hasn't the capacity available to A (from B)
and the capacity available to D (from C) already been arranged? If
this capacity is consumed due to DOS, is it not A and D (and their
customers) who pay the cost?
Absolutely not. The pricing/billing model on transit ISPs, involves
some
presumptions and/or projections on usage patterns. The transit
providers,
in this case B and C, need to ensure peak usage is covered by their
capacity. And they bill their customers, A and D, based on the
observed
patterns of the aggregates of their customer base, and on A and D in
particular.
DOS breaks the trends, and exceeds the limits of the billing model, by
any of several methods. Bottom line is, when traffic is DOS, the cost
exceeds revenue, since all capacity *on the transit upstream* is
eaten.
Traffic that exceeds the link capacity on the respective tail
sections,
A-B and C-D, that crosses B-C, is traffic that must be discarded,
has costs,
but generates *no* revenue.
I assumed it was something like this, but thought it better to ask
than to guess myself :-)
Is it correct to say, then, that the real problem with RH0 is that it
creates the potential for traffic (trends) to be less predictable,
which in turn breaks the current ISP pricing / billing model? Is it
also correct to say that the oscillation-DOS case is just one example
(if perhaps, an extreme one) of how RH0 could make traffic prediction
more difficult, and that other "legitimate" uses of loose source
routing (whether RH0 or RHx) present similar risks to the current
pricing / billing model?
Thanks,
Dow
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
