From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-oi0-x230.google.com (mail-oi0-x230.google.com [IPv6:2607:f8b0:4003:c06::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 1AA4A3B260 for ; Mon, 6 Jun 2016 14:52:05 -0400 (EDT) Received: by mail-oi0-x230.google.com with SMTP id e72so240743234oib.1 for ; Mon, 06 Jun 2016 11:52:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to:cc :content-transfer-encoding; bh=EIGmcObDB+AbVvDc0MSmV1qgZHukQwE6NPhky4HoOGc=; b=gz0nny/tIR5d0cQEyO1pAml1l2MkYAmcaAWjDGuCx8HeVW2zDCSL/fkNK5ik7YlWiW AHUAOERqkzPpKeXaQxokfz1QclN6tYSSstfM2abDYGxQqLXNd6qnKOPZeSE3fldah19f fF+X7reEoYkZRfSJCD7tOa+8T6MCtONl1yRjcaV5KRXq8iNwsRClFgXwhQorvx84EpZ7 CFAAi+oTglZXfblNVeusKL8tpbor3QMYiBKf0X/BFD5XnhQU011Ao51+NM6Zrysg/QK7 lIH44gOMJ6sC8DQBN/XSr1t/mdmHrtK6rjbAhAWBMPo7ZN3cB8aiyVswX5ntBHtF/Yvw l4KA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc :content-transfer-encoding; bh=EIGmcObDB+AbVvDc0MSmV1qgZHukQwE6NPhky4HoOGc=; b=NraIIfHqg2B8bBRq4expMP/e93pDrOez5BS4PHHJwCLfJyZ4atmEgrLoLZel8cV7aS YorgMsMyIL8/q5ucXnNZf2wl8EaNwREL4kSxueuhSVCXmJfqkBHXDjhBh3gPat0uhoFB rf2XFu4wCAAdToJ5/a6xHlUw3rE0inPyOvm6XneMhek04MKC0cj3Z/vpU0SoqvQ44VFx YA8kB7CFV221U1mrbs5MrriQsuL2pUu6bovGyxidkkQsPoJp/fI0s9SSX5wT4udCyhwi AFgUBzCqBCYhXwU52UMFrX7KX2tFvRzlA4KjP9j8yFkcbvvlS13JNljlFK96zir0KRp7 U32w== X-Gm-Message-State: ALyK8tJDhuV31EFtq0F8zXfaf/8jh0Rt8npNyJFpabw33GvegZtkZ0M4KAm7wPbPUl/QrJPHXyZN2yoOBYhYCw== X-Received: by 10.157.56.101 with SMTP id r34mr4256592otd.154.1465239124286; Mon, 06 Jun 2016 11:52:04 -0700 (PDT) MIME-Version: 1.0 Received: by 10.202.229.210 with HTTP; Mon, 6 Jun 2016 11:52:03 -0700 (PDT) From: Dave Taht Date: Mon, 6 Jun 2016 11:52:03 -0700 Message-ID: To: bloat Cc: John Heidemann Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: [Bloat] industrial scale bufferbloat in a DDOS on core DNS servers X-BeenThere: bloat@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: General list for discussing Bufferbloat List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Jun 2016 18:52:05 -0000 I had a lot of papers to read on my vacation. This one, in section 3.3: "Figure 7 shows the median RTT for selected K-Root sites. Although the K-AMS site remained up and showed minimal loss, its median RTT showed a huge increase: from roughly 30 ms to 1 s on Nov. 30, and to almost 2 s on Dec. 1, strongly suggesting the site was overloaded. K-NRT shows similar behavior, with median RTT rising from 80 ms to 1 s and 1.7 s in the two events. Overload does not always result in large latencies. B-Root (a single site) showed only modest RTT increases (Figure 4), since only few probes could reach it during the attack (Figure 3). We hypothesize that large RTT increases are the result of an overloaded link combined with large buffering at routers (industrial-scale bufferbloat [23])." from: http://www.isi.edu/~johnh/PAPERS/Moura16a.pdf The authors did not have any insight into where on the path the RTT increases were coming from. Now that we have adequate fq and aqm solutions out there for bsd and linux, perhaps some load balancers (often bsd based?) are sources of bufferbloat? Or perhaps others in the dns world, fighting off DDOS attacks, can look harder at where the RTT increases are from? --=20 Dave T=C3=A4ht Let's go make home routers and wifi faster! With better software! http://blog.cerowrt.org