[Codel] [Make-wifi-fast] fq_codel_drop vs a udp flood

Jonathan Morton chromatix99 at gmail.com
Sun May 1 11:51:10 EDT 2016


> Maybe I missed something, but why is it important to optimize for a UDP
> flood?

I draw a firm distinction between a "simple" UDP flood as described in this
thread, and a DDoS.  The latter is much harder to mitigate than the
former.  There is value in being able to cope with an unresponsive, high
volume UDP flow while leaving the network as a whole responsive.  To do so
on a consumer-grade router requires the coping mechanism to be at least
moderately CPU efficient.

It's all too easy to mis-design or mis-implement an otherwise useful
protocol so that it looks like a flood.  There need not be any malice
involved.

A case in point would be the accidental NTP DDoS inflicted by a particular
brand of router on one specific NTP server (and the network hosting it)
after a widespread blackout was resolved.  Not only was the IP address
hardcoded in that router, but it retried every second instead of an
exponential backoff.  Both are NTP protocol violations.  The server quickly
became too overloaded to respond at all, leading to a stable flooding
state.  But the traffic volume from each individual router was, in absolute
terms, minuscule.

One can easily imagine a faulty uTP implementation failing to perform
congestion control.  That would result in a UDP flood over a relatively
small number of flows, which is exactly the sort of scenario we can
realistically control with a little effort.  How many fly-by-night
BitTorrent clients are there out there?  The protocol is increasingly used
in game updater-launchers, too.

- Jonathan Morton