QUIC traffic throttled on AT&T residential

Lukas Tribus lists at ltri.eu
Thu Feb 20 22:22:45 UTC 2020


Hello,


On Thu, 20 Feb 2020 at 21:30, Daniel Sterling <sterling.daniel at gmail.com> wrote:
> As has been continually noted, this issue goes away if you use v4 TCP or v6 UDP.

IPv6 UDP is currently not broken, but that doesn't mean v6 is the solution
to this problem. It just means the particular ISP did not yet deploy
the same policies or "mitigations" for v6 traffic. As v6 adoption
increases, so will abuse/misuse, especially when attackers notice that
their attack traffic is rate-limited on v4 but not on v6 and P2P
gaming switches from v4 to v6. And at some point this will lead to
"feature parity" in IPv6. So while v6 UDP currently works, I don't
think we can assume that's permanent.

I disagree that this approach is necessary to keep the network running and
the pagers from buzzing. In a much smaller eyeball environment (with
much smaller chokepoints), we have mapped possibly amplified
packets (IP fragments, DNS, NTP, memcached, et al.) to a specific queue.
Unless the links are congested, this traffic passes just as any other
traffic, and during congestion it only uses whatever bandwidth the
queue has - no static rate-limits. I'm not saying this will fix
whatever the policies discussed here are supposed to fix, but there is
always a way to improve and make the mitigations more nuanced.

Of course ISPs will protect the network and the customers. But whether
you apply a simple rate-limiting for some traffic or some AI-assisted
auto-mitigation for traffic misuse, you gotta be prepared to monitor
and update it, staying on top of at least the major false-positives,
short-term but long-term as well. After all, things tend to change
over time.



lukas
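The dedicated-queue approach described in the post, as an added illustration (not code from the post or from any operator's network): a toy scheduler that maps IP fragments and amplification-prone UDP (DNS, NTP, memcached) to an "amp" queue with a guaranteed share of the link, set beside a static policer. The port list, link capacity and queue share are constructed values for the simulation.

```python
from dataclasses import dataclass

# Constructed list of UDP services commonly abused for reflection.
AMPLIFICATION_PORTS = {53: "dns", 123: "ntp", 11211: "memcached"}

@dataclass
class Packet:
    proto: str          # "udp" or "tcp"
    dport: int
    size: int           # bytes
    fragment: bool = False

def classify(pkt: Packet) -> str:
    """Map IP fragments and amplification-prone UDP to the 'amp' queue."""
    if pkt.fragment or (pkt.proto == "udp" and pkt.dport in AMPLIFICATION_PORTS):
        return "amp"
    return "normal"

def demand_by_queue(packets) -> dict:
    demand = {"amp": 0, "normal": 0}
    for p in packets:
        demand[classify(p)] += p.size
    return demand

def queue_tick(packets, capacity: int, amp_share: float) -> dict:
    """Work-conserving scheduler for one tick: 'amp' is guaranteed amp_share
    of the link and may borrow whatever 'normal' leaves idle, so it is only
    squeezed when the link is actually congested."""
    d = demand_by_queue(packets)
    amp_min = min(d["amp"], int(capacity * amp_share))
    normal_sent = min(d["normal"], capacity - amp_min)
    amp_sent = min(d["amp"], capacity - normal_sent)
    return {"amp": amp_sent, "normal": normal_sent, "amp_dropped": d["amp"] - amp_sent}

def policer_tick(packets, capacity: int, amp_rate: int) -> dict:
    """Static rate limit: 'amp' never exceeds amp_rate, even on an idle link."""
    d = demand_by_queue(packets)
    amp_sent = min(d["amp"], amp_rate)
    normal_sent = min(d["normal"], capacity - amp_sent)
    return {"amp": amp_sent, "normal": normal_sent, "amp_dropped": d["amp"] - amp_sent}

# Constructed sample: 600 B of amplification-prone traffic in one tick,
# once on an otherwise idle link and once next to 950 B of TCP.
AMP_TRAFFIC = [Packet("udp", 53, 300), Packet("udp", 123, 200),
               Packet("udp", 443, 100, fragment=True)]
IDLE_LINK = AMP_TRAFFIC + [Packet("tcp", 443, 100)]
BUSY_LINK = AMP_TRAFFIC + [Packet("tcp", 443, 950)]

if __name__ == "__main__":
    for name, pkts in (("idle", IDLE_LINK), ("busy", BUSY_LINK)):
        print(name, "queue:", queue_tick(pkts, 1000, 0.1),
              "policer:", policer_tick(pkts, 1000, 100))
```

On the idle link the queue passes all 600 B while the 100 B/tick policer drops 500 B; on the busy link both confine the amp traffic to 100 B, which is the behaviour the post describes.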



More information about the NANOG mailing list