On Dec 8, 2008, at 4:03 PM, Scott Brim wrote:
Excerpts from Michael Meisel on Sun, Nov 30, 2008 03:33:53PM -0800:
Hi everyone, one of the APT people here. =) So we actually did an
analysis of potential default mapper load a while back, based on real
traffic traces at two POPs that serves mostly academic networks,
taking
into account the RTT to the default mapper and the cache size and
expiration time. Even in the worst case, the results show that the
load
on the default mappers is pretty small.
I would be concerned about bogons. I'm told that there are millions
of crap packets that currently get thrown away at site borders. I
don't know how many of your campus machines are owned bots, but almost
15% of the hosts on the Internet are. Did you see any of that?
The traffic traces we use have been anonymized (so we don't know the
actual destinations). If there are lots of bogus destinations (from
the crap packets), they will create more mapping entries at the ITR
than necessary and probably increase the load at the default
mappers. In the worst case, this is similar to a cache overflow
attack. There have been proposed counter-measures for that kind of
attacks (see the paper ""Pollution Attacks and Defenses for Internet
Caching Systems", L. Deng, Y. Gao, Y. Chen, and A. Kuzmanovic, http://
networks.cs.northwestern.edu/publications/cache_JCN.pdf).
Lan
_______________________________________________
rrg mailing list
[email protected]
https://www.irtf.org/mailman/listinfo/rrg
_______________________________________________
rrg mailing list
[email protected]
https://www.irtf.org/mailman/listinfo/rrg
