Extreme congestion (was Re: inter-domain link recovery)
Alexander Harrowell
a.harrowell at gmail.com
Thu Aug 16 09:55:34 UTC 2007
An "Internet variable speed limit" is a nice idea, but there are some
serious trust issues; applications have to trust the network implicitly not
to issue gratuitous slow down messages, and certainly not to use them for
evil purposes (not that I want to start a network neutrality flamewar...but
what with the AT&T/Pearl Jam row, it's not hard to see
rightsholders/telcos/government/alien space bats leaning on your upstream to
spoil your access to content X).
Further, you're going to need *very good* filtration; necessary to verify
the source of any such packets closely due to the major DOS potential.
Scenario: Bad Guy controls some hacked machines on AS666 DubiousNet, who
peer at AMS-IX. Bad Guy has his bots inject a mass of "slow down!" packets
with a faked source address taken from the IX's netblock...and everything
starts moving Very Slowly. Especially if the suggestion upthread that the
slowdown ought to be implemented 1-2 AS away from the problem is
implemented, which would require forwarding the slowdowns between networks.
It has some similarities with the Chinese firewall's use of quick TCP RSTs
to keep users from seeing Bad Things; in that you could tell your machine to
ignore'em. There's a sort of tragedy of the commons problem - if everyone
agrees to listen to the slowdown requests, it will work, but all you need is
a significant minority of the irresponsible, and there'll be no gain in
listening to them.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20070816/0bd4d7cb/attachment.html>
More information about the NANOG
mailing list