From owner-freebsd-net  Sat Jul 17 15:42:47 1999
Delivered-To: freebsd-net@freebsd.org
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193])
	by hub.freebsd.org (Postfix) with ESMTP id 43D4314FA9
	for <net@FreeBSD.ORG>; Sat, 17 Jul 1999 15:42:33 -0700 (PDT)
	(envelope-from wollman@khavrinen.lcs.mit.edu)
Received: (from wollman@localhost)
	by khavrinen.lcs.mit.edu (8.9.1/8.9.1) id SAA24085;
	Sat, 17 Jul 1999 18:41:08 -0400 (EDT)
	(envelope-from wollman)
Date: Sat, 17 Jul 1999 18:41:08 -0400 (EDT)
From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Message-Id: <199907172241.SAA24085@khavrinen.lcs.mit.edu>
To: Luigi Rizzo <luigi@labinfo.iet.unipi.it>
Cc: nagao@iij.ad.jp (NAGAO Tadaaki), des@flood.ping.uio.no,
	net@FreeBSD.ORG
Subject: Re: dummynet -> rate limiting
In-Reply-To: <199907171713.TAA16969@labinfo.iet.unipi.it>
References: <19990718034115X.nagao@iij.ad.jp>
	<199907171713.TAA16969@labinfo.iet.unipi.it>
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

<<On Sat, 17 Jul 1999 19:13:29 +0200 (MET DST), Luigi Rizzo <luigi@labinfo.iet.unipi.it> said:

> Ok, i have no objections in principle, but i fail to see the use of
> pps limiting. What does it model in a context (IP) where packets for sure
> are not constant size ?

Surely I shouldn't need to give this lesson to you, in particular,
Luigi.  As we all know, performance of network elements can be broken
down into two components: per-packet cost, and per-bit (mostly
serialization) cost.  It may be necessary to protect a part of the
network with high per-packet costs from an attacker intent on denying
service from that network or device -- think ping floods.  My network
used to go down like clockwork every time some Linux machine got
cracked, because the switches we had melted down under the load of
processing 20,000 64-byte packets per second.  (We have since managed
to replace the losing hardware, but keep in mind that this is not an
option open to everyone.)

Cisco added a packet-rate-limiting feature in their ISP train some
time ago, and it made it into 12.0 on certain platforms, so at least
one big Cisco customer must think it's useful.

-GAWollman

--

Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom 
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA|                     - Susan Aglukark and Chad Irschick


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message