[ntp:questions] Re: Question on abusive clients.
David J Taylor
david-taylor at blueyonder.co.not-this-bit.nor-this-part.uk.invalid
Sun Dec 25 09:42:53 UTC 2005
David L. Mills wrote:
> Yes, it would be good to have the network layer run interference, and
> there are some suggestions in current papers. However, these methods
> are based on probabilistic packet marking and work well only if the
> abuser is a significant fraction of the load. With several thousand
> mice per second pounding on the servers, its hard to cut the elephand
> stomping once per second from the herd.
> Actually, the LRU sorter in the monlist scheme does a rather good job
> of finding a few elephants and that's how we got the data for the
> paper. In the Wisconsin incident there were 750,000 elephants and
> mice didn't have a chance. The trouble wasn't only with the UWisc
> infrastructure; the upstream ISP was scortched, too. This would
> suggest the best long-term solution is something like what telephone
> providers call "call gap". The idea is to automatically detect
> congestion and chase it toward the source as far as possible and
> disable dial tone.
.. and if I understand this correctly, Dave, the call-gapping would have
to be protocol dependant as, presumably, there are some protocols where
one packet per second is quite acceptable? I don't like the idea of
protocol-dependant stuff being in the network architecture!
More information about the questions