sean at donelan.com
Thu Nov 15 00:02:52 UTC 2007
On Wed, 14 Nov 2007, Rodney Joffe wrote:
> I have too many services to just want to use a T1 or two as sacrificial
> pipes, and I don't want to be messing around manually.
> I need to be able to have the transit providers effectively provide isolation
> for each subnet, so my idea is to advertise each service up a separate
> rate-limited VLAN. So if one service is DDoS'd, and its 100mb vlan is hosed,
> the other 9 services still cope easily with each of their 100mb vlans.
> Seems simple and logical to me, but I wasn't sure what I was missing.
The trick isn't the classification part, but needing multiple hardware
queues. If you have multiple hardware queues, it doesn't matter
too much whether you use "virtual" things like MPLS, VLAN, DSCP, 802.1p,
PVCs, etc. Most will work.
If you don't have multiple hardware queues, then it also doesn't matter
too much whether you use "virtual" things like MPLS, VLANs, DSCP, 802.1p,
PVCs, etc. Most will not work.
Providers use sacrificial physical interfaces, e.g. a T1, because some
routers aren't very good at managing multiple queues on a single physical
interface, and may not have multiple hardware queues on a single physical
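An added illustration of the point made in the reply above, not part of the original message: a small Python simulation in which the classification of packets by service is identical in both runs and only the number of queues in front of the link changes. The rates, buffer size, tail-drop policy and round-robin scheduler are assumptions chosen for the example.

```python
import random
from collections import deque

# All figures below are constructed for the example.
SERVICES = 10     # ten services, as in the quoted question
LINK_RATE = 100   # packets the link can send per tick
BUFFER = 200      # total buffer, split evenly across the queues
LEGIT = 5         # legitimate packets per service per tick
ATTACK = 1000     # flood packets per tick aimed at service 0


def simulate(num_queues, ticks=200, seed=1):
    """Return, per service, the fraction of legitimate packets delivered."""
    rng = random.Random(seed)
    queues = [deque() for _ in range(num_queues)]
    limit = BUFFER // num_queues
    sent = [0] * SERVICES
    for _ in range(ticks):
        arrivals = [(s, True) for s in range(SERVICES) for _ in range(LEGIT)]
        arrivals += [(0, False)] * ATTACK
        rng.shuffle(arrivals)                 # packets arrive interleaved
        for pkt in arrivals:
            q = queues[pkt[0] % num_queues]   # classify by service
            if len(q) < limit:                # tail drop when the queue is full
                q.append(pkt)
        budget = LINK_RATE
        while budget and any(queues):
            for q in queues:                  # round robin across queues
                if q and budget:
                    svc, legit = q.popleft()
                    sent[svc] += legit        # count legitimate packets only
                    budget -= 1
    return [n / (LEGIT * ticks) for n in sent]


if __name__ == "__main__":
    for label, n in (("one shared queue", 1), ("one queue per service", SERVICES)):
        fractions = simulate(n)
        print(label, [round(f, 2) for f in fractions])
```

With a single queue every service loses most of its legitimate traffic; with one queue per service only service 0 does.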