
On 1/3/21 1:22 PM, Mark Delany wrote:
> Even with a participating application, quiescing in-memory state to something less than, say, 1KB is probably hard but might be doable with a participating TLS library. If so, a million quiescent connections could conceivably be stashed in a coupla GB of memory. And of course if you're prepared to wear a disk read to recover quiescent state, your in-memory cost could be less than 100 bytes allowing many millions of quiescent connections per server.
Even at 1000 bytes, we're talking about 40GB for the entirety of California. You can get off-the-shelf cloud VMs with that easily these days, and 10 of those cover the US (ok, redundancy, but still...). That's probably why DoH wasn't a big deal. Throwing memory at a problem these days is probably easier than any heroic measures.

Mike