QUIC traffic throttled on AT&T residential

Masataka Ohta mohta at necom830.hpcl.titech.ac.jp
Fri Feb 21 01:58:19 UTC 2020


Lukas Tribus wrote:

> IPv6 UDP is currently not broken, that doesn't mean v6 is the solution
> to this problem. It just means the particular ISP did not yet deploy
> the same policies or "mitigations" for v6 traffic.

It is more likely that the ISP does not support v6 at all.

> In a much smaller eyeball environment (with
> much smaller chokepoints), we have mapped possibly amplified
> packets (ip frag, dns, ntp, memcached, et al.) to a specific queue.
> Unless the links are congested, this traffic passes just as any other
> traffic and during congestion it only uses whatever bandwidth the
> queue has - no static rate-limits.

That is a bad idea.

A static rate limit is necessary to discourage DoS attackers.

If the attacker sends a 10Mbps stream to an amplifier and the stream
is redirected to a victim at 100Mbps, 10Mbps rate limiting negates
the amplification.

					Masataka Ohta


