nanog mailing list archives
Re: Level3 routing issues?
From: "Jack Bates" <jbates () brightok net>
Date: Sat, 25 Jan 2003 16:53:09 -0600
From: "Robert A. Hayden"
What about doing some priority-based QoS? If a single IP exceeds X amount of traffic, prioritize traffic above that threshold as low. It would keep any one single host from saturating a link if the threshold is low. For example, you may say that each IP is limited to 10mb of priority traffic. Yes, a compromised host may try to barf out 90mb of chaff, but the excess would be moved down the totem pole.
<snip>

Down the totem pole isn't off the totem pole. In most cases the issue wasn't traffic priority. Most network equipment isn't designed to handle 100% capacity from all ports. Under standard operation, maximum capacity is never reached. It is cost prohibitive to support it. In addition, this was a dual issue. Not only did the bandwidth saturate, the packets are so small that in reaching for 100% saturation, many routers and switches first exceeded their maximum pps thresholds.

The best defense is to monitor and know your traffic. When traffic becomes uncommon, someone needs to be alerted. A 30% processor increase is not a good thing; ever. Second, know the optimizations for your particular equipment and code. Each piece of equipment has its own optimizations. In my case, it was better to access-list at the router level than to run bandwidth limiting, and I run a crummy 7200. It's even nicer on a 7500+ where it's offloaded to the linecard processors.

If a portion of the network or a specific port is unrecoverable, shut it down. The server won't be able to handle traffic anyways, and it is better to cut off a portion of the network than lose the entire network.

Jack Bates
Network Engineer
BrightNet Oklahoma
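
Added example, not part of the original post: a per-port check over polled interface counters that alerts on packet rate separately from bandwidth, since the post notes that small-packet floods exceed pps limits before a link reaches 100%. The link speed, the device's forwarding limit, the baseline, the thresholds and the counter samples are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Sample:
    ts: float       # seconds since start of polling
    octets: int     # cumulative 64-bit input byte counter
    packets: int    # cumulative 64-bit input packet counter

def rates(prev, cur):
    """Return (bits/s, packets/s) between two counter samples."""
    dt = cur.ts - prev.ts
    d_oct, d_pkt = cur.octets - prev.octets, cur.packets - prev.packets
    if dt <= 0 or d_oct < 0 or d_pkt < 0:
        # Counters went backwards (reload or reset): no rate can be derived.
        raise ValueError("non-monotonic sample; discard this interval")
    return d_oct * 8 / dt, d_pkt / dt

def assess(prev, cur, link_bps, max_pps, baseline_pps, factor=3.0, near=0.8):
    """Check an interval against the link speed, the device's packet
    forwarding limit, and the packet rate normally seen on this port."""
    bps, pps = rates(prev, cur)
    alerts = []
    if pps > factor * baseline_pps:
        alerts.append("pps_anomaly")
    if pps >= near * max_pps:
        alerts.append("pps_near_limit")
    if bps >= near * link_bps:
        alerts.append("link_near_saturation")
    return {"bps": bps, "pps": pps,
            "avg_pkt_bytes": bps / 8 / pps if pps else 0.0,
            "alerts": alerts}

# Constructed figures: 100 Mb/s port, device assumed to forward 100,000 pps.
LINK_BPS, MAX_PPS, BASELINE_PPS = 100_000_000, 100_000, 8_000
# Constructed 60-second polls: normal traffic, then a flood of 100-byte packets.
S0 = Sample(0, 0, 0)
S1 = Sample(60, 240_000_000, 480_000)
S2 = Sample(120, 780_000_000, 5_880_000)

if __name__ == "__main__":
    for a, b in ((S0, S1), (S1, S2)):
        print(assess(a, b, LINK_BPS, MAX_PPS, BASELINE_PPS))
```

In the second interval the port carries 72 Mb/s, below the bandwidth threshold, yet both packet-rate alerts fire; a monitor that watches utilisation alone would stay silent.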