[Hipsec-rg] HIPRG meeting minutes posted

xuxh at huawei.com (Xu Xiaohu) Wed, 08 April 2009 01:12 UTC

From: "xuxh at huawei.com"
Date: Wed, 08 Apr 2009 09:12:03 +0800
Subject: [Hipsec-rg] HIPRG meeting minutes posted
In-Reply-To: <alpine.LFD.2.00.0904071530220.18931@stargazer.pc.infrahip.net>
Message-ID: <001101c9b7e7$0722f670$5e0c6f0a@china.huawei.com>

> -----Original Message-----
> From: Oleg Ponomarev [mailto:oleg.ponomarev at hiit.fi]
> Sent: 7 April 2009 20:58
> To: Xu Xiaohu
> Cc: hipsec-rg at listserv.cybertrust.com
> Subject: re: [Hipsec-rg] HIPRG meeting minutes posted
> 
> Hi! On Tue, 7 Apr 2009, Xu Xiaohu wrote:
> 
> >> What happens when hosts in the network get infected and start to send
> >> SYN packets to random IP addresses at the max speed? In my
> >> experience, even one such host with a GigabitEthernet connection can
> >> overload low-cost routers. What will be the performance of your
> >> mapping servers? What if there are thousands of such hosts?
> >
> > In fact, we can use some kind of overlay network (e.g., the virtual
> > aggregation approach, http://tools.ietf.org/html/draft-francis-intra-va-00)
> > to forward the packets once the cache is poisoned. That is one of the
> > reasons why RANGI adopts the hierarchical host identifiers.
> 
> When a host is infected, it is an exceptional situation *for*the*host*,
> but when some fraction of the end-hosts is infected, it is normal
> *for*a*network* and the infrastructure should operate routinely, not
> fall back to another solution because of that.

What I said is: once the cache *in the proxy* is overwhelmed, the proxy
could forward the received packets to the overlay network, which is the last
resort. Are we talking about the same situation?

Xiaohu