On Sat, Jul 26, 2008 at 1:52 AM, Tony Li <[EMAIL PROTECTED]> wrote:
> |1. You don't do a lookup for every packet; you do a lookup for the
> |first packet in a time-bounded series. That's true for both the
> |query-cache map proposals and the DNS.
>
> True, I should have said for each connection...

Hi Tony,

It isn't even per connection. It's per time-bounded series which is likely to include as many connections as necessary to complete a "visit" by the person at the origin. A web server doesn't have a big cache of recently-looked-up addresses. A hypothetical ITR does.

At least one map-encap approach takes this a step further: a supply of bare, non-multihomed and highly-aggregated network addresses remains available on the Internet. In theory at least, applications and servers requiring brief, anonymous connections can make use of this supply, relying on map-encap only for the direction that must remain stable over time.

> But that's no reason to be rude about it.

Apologies. Was not intended that way.

> The issue, IMHO, isn't the delay, it's the scalability, especially in front
> of hot spots like Google. In these cases, it would make sense to have a
> hybrid mapping, where we can install full mappings at hot spots.

If we use DNS for our example and assume that nearly all packet flows have performed a DNS lookup at the client side in order to find the server then we're talking about tripling the load on the DNS system. Find me a DNS op who doesn't believe the DNS system can readily expand to serve triple the load.

On the flip side, the first connection is held open longer than normal while the ITRs complete lookups. This has an impact on the web and other servers. However, such connections are in the syn/synack stage. So, the problem fits neatly into the generic syn-flood DOS attack problem which is already solved.

Regards,
Bill

--
William D. Herrin ................ [EMAIL PROTECTED] [EMAIL PROTECTED]
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004

--
to unsubscribe send a message to [EMAIL PROTECTED] with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg
