IETF Logo Mail Archive

Re: [p2pi] One more proposed definition of fairness...

Joe Touch <touch@ISI.EDU> Mon, 09 June 2008 13:20 UTC

Return-Path: <p2pi-bounces@ietf.org>
X-Original-To: p2pi-archive@ietf.org
Delivered-To: ietfarch-p2pi-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 467CC3A6C53; Mon, 9 Jun 2008 06:20:32 -0700 (PDT)
X-Original-To: p2pi@core3.amsl.com
Delivered-To: p2pi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8C00E3A699D for <p2pi@core3.amsl.com>; Mon, 9 Jun 2008 06:20:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aZyNnlmi1Loh for <p2pi@core3.amsl.com>; Mon, 9 Jun 2008 06:20:27 -0700 (PDT)
Received: from vapor.isi.edu (vapor.isi.edu [128.9.64.64]) by core3.amsl.com (Postfix) with ESMTP id 917933A6C63 for <p2pi@ietf.org>; Mon, 9 Jun 2008 06:20:26 -0700 (PDT)
Received: from [127.0.0.1] (c3-vpn2.isi.edu [128.9.176.73] (may be forged)) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id m59DJaOk023630 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Mon, 9 Jun 2008 06:19:39 -0700 (PDT)
Message-ID: <484D2DE8.7020407@isi.edu>
Date: Mon, 09 Jun 2008 06:19:36 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Thunderbird 2.0.0.14 (Windows/20080421)
MIME-Version: 1.0
To: Nicholas Weaver <nweaver@ICSI.Berkeley.EDU>
References: <06BEE447-3D17-45D0-A73B-E248C3141F51@ICSI.Berkeley.EDU> <484C1958.2010900@isi.edu> <8719C03C-9EC9-482B-9536-1784F95DC8A8@ICSI.Berkeley.EDU> <484CC2A5.6050105@isi.edu> <1621FECD-ED33-4BF2-88D0-199D6FA75993@ICSI.Berkeley.EDU>
In-Reply-To: <1621FECD-ED33-4BF2-88D0-199D6FA75993@ICSI.Berkeley.EDU>
X-Enigmail-Version: 0.95.6
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Cc: p2pi@ietf.org
Subject: Re: [p2pi] One more proposed definition of fairness...
X-BeenThere: p2pi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: P2P Infrastructure Discussion <p2pi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/p2pi>, <mailto:p2pi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/p2pi>
List-Post: <mailto:p2pi@ietf.org>
List-Help: <mailto:p2pi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/p2pi>, <mailto:p2pi-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1785161936=="
Sender: p2pi-bounces@ietf.org
Errors-To: p2pi-bounces@ietf.org


Nicholas Weaver wrote:
> 
> On Jun 8, 2008, at 10:41 PM, Joe Touch wrote:
>> ...
>>> EG, the ISP can at a single bidirectional point in the network 
>>> (admittedly keeping lots of state, but...) for a large group of users 
>>> infer the congestion on each TCP flow,...
>>
>> That's the point, however, where things stop when someone uses 
>> encrypted transport layers.
> 
> As long as the end point address is NOT encrypted, it doesn't matter.

How might I infer the congestion on each TCP flow when I can't see TCP 
connections, e.g.?

>> ...
>>> Yes, this is a LOT of engineering work to get right [1], but I 
>>> believe it is doable, and could accomplish the stated definition of 
>>> fairness (or something very close to it).
>>
>> A key question is whether it's worth the state it will take to get 
>> right. An endpoint might open a few thousand flows just to help 
>> overload your system ;-)
...

...
> c)  If a single host or small group of hosts starts doing behavior 
> designed to disrupt the flow cache deliberately (eg, >10k ACTIVE TCP 
> flows), I think the ISPs device can start doing some rate limiting on 
> flow creation as well, as there is a strong case that such is suspicious 
> behavior.

How can you infer that >10K flows from a host is deliberate disruption? 
If I buy an Internet connection from an ISP, I get as many flows as I 
can connect to.

Or have you decided that "the Internet" is now only as many flows as you 
can track efficiently? (see below)

>>> Furthermore, you can resist the attacks you mentioned.  Because the 
>>> ISP can prevent the user from minting new IP addresses (as they 
>>> control the point of attachment), this prevents address forging.
>>
>> Sure - the local ISP can prevent that. You can't prevent someone 
>> accessing multiple ISPs (cable, DSL, etc.), but presumably you don't 
>> care about that?
> 
> Yeah, why should the ISP care?  Its because common congestion pretty 
> much only occurs within the ISP, so it is the ISP's problem to mitigate, 
> and in the ISP's interest to mitigate.
> 
> Someone who's using multiple ISPs to transfer more bits is paying for 
> those extra bits, and it doesn't really matter.

Maybe I'm missing something, but if I have one ISP, I paid for THOSE 
bits too. How I use them is up to me, not the ISP.

Joe


_______________________________________________
p2pi mailing list
p2pi@ietf.org
https://www.ietf.org/mailman/listinfo/p2pi

v2.29.0 | Report a Bug | By Email | System Status