[Maprg] Is UDP a trash heap?

Aaron Falk <aaron.falk@gmail.com> Mon, 23 May 2016 20:06 UTC

See thread and cited draft below. I’ve heard “UDP is a trash heap” invoked multiple times. Are there any broad-based measurements of UDP loss rates for ports other than 53? Is IPv6 different than IPv4 in this regard?

--aaron

 

From: Spud <spud-bounces@ietf.org> on behalf of Ca By <cb.list6@gmail.com>
Date: Monday, May 23, 2016 at 11:51 AM
To: Tom Herbert <tom@herbertland.com>
Cc: Toerless Eckert <eckert@cisco.com>, Michael Welzl <michawe@ifi.uio.no>, Joe Touch <touch@isi.edu>, "Scharf, Michael (Nokia - DE)" <michael.scharf@nokia.com>, "spud@ietf.org" <spud@ietf.org>, Jana Iyengar <jri@google.com>, Christian Huitema <huitema@microsoft.com>
Subject: Re: [Spud] Fwd: New Version Notification for draft-herbert-transports-over-udp-00.txt

On Monday, May 23, 2016, Tom Herbert <tom@herbertland.com> wrote:

On Sun, May 22, 2016 at 1:06 PM, Ca By <cb.list6@gmail.com> wrote:
>
>>
>> Now all this being said, I also don’t fully get why some folks have such a
>> big problem with running stuff over UDP. I’m not against doing that, if only
>> as a temporary solution that would serve to convince people that the
>> transport (option, ..) is useful.
>> In a TAPS world, it’s just another option to try…
>>
>
> The fact that udp is mostly (by volume) internet attack traffic is my
> concern with udp.
>
> If legitimate traffic starts using udp in volume, it will make distinguishing
> and thwarting volumetric attacks very difficult at scale. Without currently
> curbing n * 100g blasts of udp traffic with blanket policers, i would not be
> able to keep my network up... This is a daily issue.  For example, my usual
> udp volume is about 1%. If it goes to 10% suddenly, it is likely smart to
> drop 11% and onwards as a 10x increase in udp is 100% certainly not legit.
>
> My request to quic and spud is simply use a different transport protocol
> number so that their interesting and innovative traffic does not run up
> against the many network policers that are required to enforce well known
> baselines of good normal udp traffic. The quic folks say that they cannot do
> that since 10 year old cpe only passes udp and tcp, then they rant about
> ossified stacks and how we need to put everything on udp to make progress ...
> Seems like they are just choosing to ossify on udp ...  And udp is already
> considered trash (reflection attacks) ...So we agree to disagree, i guess
>
Isn't any other protocol besides TCP also considered trash right now?

 

My network only "manages" udp.  Ymmv. 

 

UDP based transport protocols would use well-known port numbers. A firewall can allow UDP port X that carries a

 

A "firewall" is an enterprise solution that does not scale for large national internet providers in the usa

 

Yes, the bulk of the trash is less than 20 source ports (chargen, ntp, snmp, ntp, dns, ....). But we also get very large bot swarms doing straight packet attacks with udp.  Even a novice like me can write to udp sockets in python on any port and stuff data through it. 

 

properly congestion controlled protocols not subject to reflection attacks, but disallow other UDP ports.

Tom

> https://tools.ietf.org/html/draft-byrne-opsec-udp-advisory-00
>
>
>
>> Cheers,
>> Michael
>>
>

_______________________________________________ Spud mailing list Spud@ietf.org https://www.ietf.org/mailman/listinfo/spud
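
The blanket UDP policer described in the quoted message (a baseline of about 1% UDP, with everything above roughly 10% dropped), as an added example that is not part of the original thread. The flow tuple layout, the link capacity, the sample flows and the function name `police_udp` are assumptions made for illustration; the reflection source ports are the ones the message names.

```python
from collections import defaultdict

# Source ports the message names as carrying most reflection traffic.
REFLECTION_SRC_PORTS = {19: "chargen", 53: "dns", 123: "ntp", 161: "snmp"}

# Constructed sample: (interval, protocol, source port, bytes).
SAMPLE_FLOWS = [
    (0, "tcp", 443, 890), (0, "udp", 53, 6), (0, "udp", 443, 4),
    (1, "tcp", 443, 800), (1, "udp", 123, 300), (1, "udp", 19, 150),
    (1, "udp", 443, 20), (1, "udp", 40000, 30),
]

def police_udp(flows, capacity_bytes, ceiling_share=0.10):
    """Apply a port-blind UDP policer per interval and report its effect.

    capacity_bytes and ceiling_share are assumptions of this example: the
    policer passes UDP up to ceiling_share of link capacity and drops the rest.
    """
    stats = defaultdict(lambda: {"udp": 0, "reflect": defaultdict(int)})
    for interval, proto, sport, nbytes in flows:
        if proto != "udp":
            continue
        s = stats[interval]
        s["udp"] += nbytes
        if sport in REFLECTION_SRC_PORTS:
            s["reflect"][REFLECTION_SRC_PORTS[sport]] += nbytes
    budget = int(capacity_bytes * ceiling_share)
    report = {}
    for interval, s in sorted(stats.items()):
        passed = min(s["udp"], budget)
        report[interval] = {
            "udp_share": s["udp"] / capacity_bytes,
            "udp_dropped": s["udp"] - passed,
            # Port-blind policing drops every UDP flow in the same proportion,
            # so this is also the fraction of legitimate UDP that survives.
            "keep_fraction": passed / s["udp"] if s["udp"] else 1.0,
            "reflection_bytes": dict(s["reflect"]),
        }
    return report

if __name__ == "__main__":
    for interval, row in police_udp(SAMPLE_FLOWS, capacity_bytes=1000).items():
        print(interval, row)
```

In the constructed second interval the policer keeps the link up, but the flow on UDP port 443 loses the same 80% as the NTP and chargen traffic, which is the collateral effect the thread is arguing about.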