On Thu, 15 Apr 2010, Simon Perreault wrote:
On 2010-04-15 10:38, Mohacsi Janos wrote:
Why cope with QoS if somebody is sending packets to black-hole?
I don't understand your question, but here's an example use case of the
attack I'm suggesting:
I want to evade an SFQ QoS for a single flow. If the QoS is based on the flow
field, I can just put random values in the flow field so that my packets
appear to come from multiple flows, which will let me get better throughput.
Then we are speaking two different beasts:
- you are speaking about a policed and/or rate limited flows
- I was speaking about a preferential treatment of sent flows
Many other examples come to mind...
This usage of the flow field would need to be treated just like the DSCP
field. Maybe you can use it in some applications, not in others. But a
recommendation that all hosts on the Internet set it would be pointless if
intermediate networks can't or won't use it.
That is why we are thinking of different models:
Diffserv like architecture for flow field.
Do we need more classes in a backbone than available in the current
DSCP/diffserv model?
In the diffserv model you are rewriting DSCP values at the administrative
domains. Do we want to rewrite flow fields similarly? or is it e2e?
Also you mark/remark packets in you aggregation network according to the
services and origin. Do we want to change flow filed?
Flow field is a tool for network operators to better classification or
more e2e tool for applications?
Simon
--
NAT64/DNS64 open-source --> http://ecdysis.viagenie.ca
STUN/TURN server --> http://numb.viagenie.ca
vCard 4.0 --> http://www.vcarddav.org
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
