Re: [re-ECN] Preferential Dropping

"McCann Peter-A001034" <pete.mccann@motorola.com> Mon, 17 May 2010 20:12 UTC

Date: Mon, 17 May 2010 16:11:23 -0400
From: McCann Peter-A001034 <pete.mccann@motorola.com>
To: Bob Briscoe <rbriscoe@jungle.bt.co.uk>
Cc: re-ecn@ietf.org
Subject: Re: [re-ECN] Preferential Dropping

Hi, Bob,

Thanks for the explanation.

Bob Briscoe wrote:
> The analysis I did on this showed that re-ECN can raise the bar
> against DDoS so that the army has to be N times bigger to achieve the
> same *sustained* attack force, where N=1/p and p is the 'normal'
> level of congestion in the network. E.g. if normal congestion is
> 0.001%, a sustained attack against a re-ECN internetwork has to be
> 100,000 times bigger to cause the same damage as it could against a
> network without re-ECN.
> 
> Obviously, there are assumptions and details, but that was the
> take-home message. If anyone wants more details, just ask.

I'm curious about your definition of "damage".  Was it just "causing
a given loss probability on a particular target link"?  It seems like
there are other costs in a DDoS attack on a re-ECN enabled network, such
as causing well-behaving users to consume their black token allotment,
making them less able to respond to congestion for some time after the
attack.  But then, I guess the philosophy of re-ECN is that if you
experience congestion, you are also causing it, so those well-behaving
users that marked near 100% should also be "held responsible" for the
DoS attack...

My assumption was that this dropping should happen at any congested
link, not just the egress, for maximum effectiveness.  (Btw, is this
different from the behavior you propose for an "egress dropper"?  That
wasn't clear to me from the documentation.)  

How often do you think this technique would need to be invoked on a core
Internet router?  Do you agree that an out-of-band per-flow signaling
solution would have difficulty supporting this feature, if the core
routers needed to implement it?

(I agree this is all out-of-scope of the charter discussion and that
preferential dropping shouldn't be in the initial charter anyway.  I
am just trying to understand whether this feature would be a motivation
for per-packet as opposed to out-of-band signaling solutions).

-Pete