On Fri, Aug 11, 2006 at 10:42:36AM +0100, Michael Rogers wrote:
> Matthew Toseland wrote:
> >The reason for the current lack of performance is overcompensation for
> >load, as evidenced by the low bandwidth usage.
>
> I think you're probably right - we're responding to load by shutting
> down links, which makes the remaining links more likely to become
> overloaded...
>
> >We could take out load balancing completely, but that might
> >result in a significant slowdown due to slow nodes.
>
> There's a fundamental tradeoff here: either we redirect traffic from
> slow nodes to fast nodes, ie misrouting, or we allow the slow nodes to
> determine the performance of the network. Both approaches create attack
> opportunities, and I think Ian's right that we need to reason this
> through from first principles - unfortunately we don't just need a
> mechanism that works, we need a mechanism that's robust.
>
> >Load limiting: Sender side, determining how fast to send requests into
> >the network. If there are too many RejectedOverload's, the sender slows
> >down. This will ensure the network is not overloaded, full stop. It
> >works for TCP/IP, it should work for us.
>
> It works for TCP as long as all the senders are well behaved. We can't
> depend on that assumption.

100% agreed, there are numerous attacks possible on the current
mechanism, but we need something we can deploy soon.
>
> >Load limiting without load balancing: If there are slow nodes near the
> >sender, and we send these an equal proportion of our incoming requests
> >(according to their location), then most of those requests will be
> >rejected, and this results in an overall slowdown.
>
> Again, assuming the sender is well behaved. If not, the sender's traffic
> overloads the slow nodes and they reject all traffic from other nodes,
> causing everyone else to slow down. This doesn't even require the sender
> to be malicious, just selfish. The sender might also reject incoming
> requests to slow everyone else down, leaving more bandwidth for himself.

Sure, as above, that's why we need to move to token balancing. That, and
some more direct security issues.
>
> >I don't think
> >ethernet collision detection is a viable model for backoff.
>
> I agree with this - backing off reduces the load on one peer but
> increases the load on the others, so it's a more complex picture than
> ethernet backoff.
>
> Cheers,
> Michael
--
Matthew J Toseland - toad at amphibian.dyndns.org
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.
