Development issues regarding the cerowrt test router project
From: Mike O'Dell <mo@ccr.org>
To: cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] Cerowrt-devel Digest, Vol 44, Issue 24
Date: Sun, 19 Jul 2015 12:23:42 -0400
Message-ID: <33363.1437323022@ccr.org>
In-Reply-To: <mailman.3.1437246001.9264.cerowrt-devel@lists.bufferbloat.net>


Sigh.....

The most sophisticated QoS mechanism ever deployed in any
material manner is the one which was ATM's raison d'etre.

And ya know what? IT WASN'T USED! 
Well, it was used a little - to give real-time video the goose
over IP traffic in certain USG networks, but that was only TWO
classes of service. 

I was at the meeting where DiffServ was invented and it was *NEVER*
imagined for an instant that only a very small number of the bit
patterns made any sense at all. Why? Because the ability to make
the network behave differently is profoundly limited.

However, at UUNET we decided that for most customers, the customer
tail was the fundamental source of congestion. Hence, if we honored
Diffmarks in the customer direction on the tails, the customer's
site border router could honor them in the ISP direction and
we'd find out quickly how much good it really does. We understood
that it only worked on-net, but it was relatively easy to try.

We were on the verge of enabling it on our (the UUNET) end when
Louis Mamakos identified the fundamental show-stopper to doing it.

It gives DoS attacks nuclear weapons.

Simply set the DoS packets to the highest priority and pound away.
The Diffserv model doesn't include any fairness guarantees;
certainly the router implementations at the time didn't provide them,
and it isn't clear how that should work depending on how one
interprets the Diffmarks.

Note that if the ISP network is large, ingress source address
filters don't do any good. There's plenty of room to have a botnet
able to crush things all of it "on net".

The fundamental problem with doing anything to police traffic in
the customer-bound direction is that it requires imputing the
desire of the customer to receive each and every packet.

I haven't heard of any scheme for the requisite mind-reading
which is implementable and doesn't contain the seeds of 
its own destruction by adversarial manipulation. 
	  
So I have serious heartburn with Diffserv fundamentally.
The notion that there could ever be that many different
viable QoS flavors is, in my opinion, completely *absurd*.

So, if you wanna try to do it in the ISP-bound direction,
    Party on, dudes! 

But don't expect much from the effort.

    Harumph
    -mo
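
The starvation described in this message, as an added illustration that is not part of the original post: a small Python model of a strict-priority queue on a customer tail. The class names (EF, BE), all traffic rates, and the per-class cap `ef_cap` used for comparison are assumptions constructed for the example.

```python
import random
from collections import deque

LINK_RATE = 10     # packets the customer tail can carry per tick (constructed)
QUEUE_LIMIT = 50   # per-class drop-tail queue depth (constructed)
TICKS = 2000

# Constructed offered load: (source, DSCP class, packets per tick)
LEGIT = [("voip", "EF", 1), ("web", "BE", 6)]
FLOOD = [("flood", "EF", 40)]  # sender that marks everything highest priority

def simulate(offered, ef_cap=None, seed=1):
    """Return delivered/sent per source under strict priority (EF before BE)."""
    # ef_cap (hypothetical knob): police EF to that many packets per tick.
    rng = random.Random(seed)
    queues = {"EF": deque(), "BE": deque()}
    sent = {src: 0 for src, _, _ in offered}
    delivered = dict.fromkeys(sent, 0)
    for _ in range(TICKS):
        arrivals = [(src, cls) for src, cls, n in offered for _ in range(n)]
        rng.shuffle(arrivals)  # interleave senders on the wire
        for src, cls in arrivals:
            sent[src] += 1
            if len(queues[cls]) < QUEUE_LIMIT:  # otherwise tail-dropped
                queues[cls].append(src)
        budget = LINK_RATE
        ef_budget = budget if ef_cap is None else min(ef_cap, budget)
        while ef_budget and queues["EF"]:       # EF is always served first
            delivered[queues["EF"].popleft()] += 1
            ef_budget -= 1
            budget -= 1
        while budget and queues["BE"]:          # BE only gets what is left
            delivered[queues["BE"].popleft()] += 1
            budget -= 1
    return {src: round(delivered[src] / sent[src], 3) for src in sent}

if __name__ == "__main__":
    print("no flood        ", simulate(LEGIT))
    print("flood, honored  ", simulate(LEGIT + FLOOD))
    print("flood, EF capped", simulate(LEGIT + FLOOD, ef_cap=2))
```

With the cap in place the best-effort class recovers, but the legitimate priority sender still loses most of its packets, because the queue has no way to tell which marked packets the customer actually wants.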
