Fred,
You're probably right. Most networks probably wouldn't change their
forwarding policy when under attack.
However, my point wasn't to anticipate which forwarding policy a network
might deploy. It was merely to demonstrate that a network might deploy a
forwarding policy that somehow depends on source address validation.
Ron
Fred Baker wrote:
> On Sep 18, 2006, at 1:29 PM, Ron Bonica wrote:
>
>> During periods of normal operation, the network will forward all
>> packets without regard to source address validation status. However,
>> during periods of congestion caused by malicious attacks, the network
>> will grant preferential treatment to packets, depending upon the
>> degree of trust that the network has in the source address.
>
>
> I should think that the policy would not be changed under load. During
> non-congestive periods, I wouldn't expect to see any difference between
> traffic in the higher and lower priority queues; they would normally be
> empty when a packet arrived, and it would go out without delay. And if
> the classification can be done at line rate under load, doing the same
> classification when not under load won't hurt you.
>
> So this simplifies to Sally Floyd's proposal of a few years back -
> traffic that is deemed "probably good" runs in a higher priority queue
> than traffic that is deemed "probably not so good", and under stress
> the latter class takes the brunt of losses. The same can be done with
> rate based queues (WFQ/WRR) by giving one queue 90% of the bandwidth
> and one taking the dregs.
>
> I should think that addressing policy is also but one aspect of this.
> More generally, traffic that you are pretty sure is high value runs at
> high priority, and low value traffic runs at low priority.
>
_______________________________________________
Int-area mailing list
https://www1.ietf.org/mailman/listinfo/int-area
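
An added illustration, not part of the original thread: a small deterministic simulation of the two-queue strict-priority scheme discussed above, applying the same classification policy with and without congestion. The function name, class names, rates and queue limit are all assumptions chosen for the example.

```python
from collections import deque

# Classes in service order. "validated" stands for packets whose source
# address passed validation, "unvalidated" for the rest (names assumed).
CLASSES = ("validated", "unvalidated")


def simulate(ticks, validated_rate, unvalidated_rate, capacity, queue_limit):
    """Strict-priority scheduler over two finite FIFO queues.

    Each tick, `*_rate` packets arrive per class, then the link sends up to
    `capacity` packets, always draining the validated queue first.
    Returns {class: {"sent": n, "dropped": n}}.
    """
    queues = {name: deque() for name in CLASSES}
    stats = {name: {"sent": 0, "dropped": 0} for name in CLASSES}
    rates = {"validated": validated_rate, "unvalidated": unvalidated_rate}

    for tick in range(ticks):
        # Arrivals: tail-drop when the class queue is full.
        for name in CLASSES:
            for _ in range(rates[name]):
                if len(queues[name]) < queue_limit:
                    queues[name].append(tick)
                else:
                    stats[name]["dropped"] += 1
        # Service: the low-priority queue only gets leftover capacity.
        budget = capacity
        for name in CLASSES:
            while budget and queues[name]:
                queues[name].popleft()
                stats[name]["sent"] += 1
                budget -= 1
    return stats


if __name__ == "__main__":
    # Constructed traffic levels: same policy, different load.
    print("normal:", simulate(100, 4, 4, capacity=10, queue_limit=20))
    print("attack:", simulate(100, 4, 40, capacity=10, queue_limit=20))
```

With the link under capacity both classes pass untouched, so leaving the classification on all the time costs nothing; under the constructed overload every loss lands on the unvalidated class.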