David L. Mills wrote:
> David,
>
> Yes, it would be good to have the network layer run interference, and
> there are some suggestions in current papers. However, these methods
> are based on probabilistic packet marking and work well only if the
> abuser is a significant fraction of the load. With several thousand
> mice per second pounding on the servers, it's hard to cut the elephant
> stomping once per second from the herd.
>
> Actually, the LRU sorter in the monlist scheme does a rather good job
> of finding a few elephants and that's how we got the data for the
> paper. In the Wisconsin incident there were 750,000 elephants and
> mice didn't have a chance. The trouble wasn't only with the UWisc
> infrastructure; the upstream ISP was scorched, too. This would
> suggest the best long-term solution is something like what telephone
> providers call "call gap". The idea is to automatically detect
> congestion and chase it toward the source as far as possible and
> disable dial tone.
> Dave

.. and if I understand this correctly, Dave, the call-gapping would have to be protocol dependent as, presumably, there are some protocols where one packet per second is quite acceptable? I don't like the idea of protocol-dependent stuff being in the network architecture! Eek!

David

_______________________________________________
questions mailing list
[email protected]
https://lists.ntp.isc.org/mailman/listinfo/questions
