[Cake] arp flow dissector
Jonathan Morton
chromatix99 at gmail.com
Mon Sep 3 08:26:11 EDT 2018
> On 3 Sep, 2018, at 2:14 pm, Toke Høiland-Jørgensen <toke at toke.dk> wrote:
>
> However, in normal operation ARPs should be fairly rare, so adding this
> support to CAKE would mostly be to protect against flooding, wouldn't
> it?
Mostly it's just for consistency's sake. Currently all ARPs end up in a single queue together, because they have no IP header and no transport header to extract any of the components of the usual 5-tuple from. With IP addresses extracted, they would be correctly associated with their originating and/or destination hosts for fairness purposes, while still being in distinct queues from normal traffic.
I suspect anyone generating an ARP flood would also be doing a lot of spoofing, so it's not actually very helpful from that perspective. In fact, arguably the current behaviour of putting all ARP traffic in a single queue would be better.
Conversely, it's straightforward to imagine a scenario where ARP is a tiny fraction of the traffic generated by one host, but ARP traffic from many idle hosts contributes more significantly to the total. Most of these ARP requests might just be part of a DHCP transaction.
- Jonathan Morton
More information about the Cake
mailing list