What about doing some priority-based QoS? If a single IP exceeds X amount of traffic, prioritize traffic above that threshold as low. It would keep any one single host from saturating a link if the threshold is low. For example, you may say that each IP is limited to 10mb of priority traffic. Yes, a compromised host may try to barf out 90mb of chaff, but the excess would be moved down the totem pole. Obviously, this may not make sense in all environments, but in a campus or large enterprise situation, I can see this occurring on your WAN links in particular.

On Sat, 25 Jan 2003, K. Scott Bethke wrote:
Bill,

----- Original Message ----- From: "Bill Woodcock" <woody@pch.net>

> I'd agree with it. Except the herds of losers who still buy exploding crap from Vendor M don't seem to be thinning themselves out quickly
dude, the Exploding Cars are so much easier to drive than the ones from Vendor L. (tic)
> enough. Maybe they're sexually attractive to each other, and reproduce before their stupidity kills them. That would be unfortunate. Or maybe it's just that none of this computer stuff actually matters, so exploding crap isn't actually fatal. Maybe that's it.
I think it sucks that they are exploding on MY highway.
With that in mind, is it time yet to talk about solutions to problems like this from the network point of view? Sure, it's easy to put up access lists when needed, but I have 100megs available to me on egress and I was trying to push 450megs. Is there anything, protocol, vendor specific or otherwise, that will not allow rogue machines to at will take up 100% of available resources? I know Extreme Networks has the concept of Max Port utilization on their switches; will this help? Suggestions?
-Scotty
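The per-IP priority threshold proposed in the top reply, as an added simulation that is not code from the list thread: each source gets a token bucket at the threshold rate, traffic within it keeps full priority, the excess is demoted rather than dropped, and a strict-priority link serves the high class first. The host addresses, rates and packet size are constructed; time is modelled as integer 1 ms ticks over a one-second window.

```python
# Added example, not code from the list thread: per-source-IP priority marking as
# proposed above. Bytes within a source's threshold are marked HIGH, the excess LOW;
# a strict-priority link serves HIGH first, so a chaff-spewing host only starves
# its own excess. Time is integer 1 ms ticks over one second; all values constructed.
from collections import defaultdict

HIGH, LOW = "high", "low"

class PerSourceMarker:
    """One token bucket per source IP; tokens are bytes, refilled per 1 ms tick."""
    def __init__(self, threshold_bps, burst_bytes):
        self.rate = threshold_bps // 8 // 1000   # bytes added per tick
        self.burst = burst_bytes
        self.tokens = defaultdict(lambda: burst_bytes)
        self.last_tick = defaultdict(int)

    def mark(self, src, size, tick):
        elapsed = tick - self.last_tick[src]
        self.last_tick[src] = tick
        self.tokens[src] = min(self.burst, self.tokens[src] + elapsed * self.rate)
        if self.tokens[src] >= size:
            self.tokens[src] -= size   # within threshold: keep full priority
            return HIGH
        return LOW                     # over threshold: demote, do not drop

def strict_priority_link(packets, capacity_bytes):
    """Deliver HIGH packets first, then LOW in arrival order, within one second."""
    stats = defaultdict(lambda: {"delivered_high": 0, "delivered_low": 0, "dropped": 0})
    budget = capacity_bytes
    for wanted in (HIGH, LOW):
        for src, size, mark in packets:
            if mark != wanted:
                continue
            if size <= budget:
                budget -= size
                stats[src]["delivered_" + wanted] += size
            else:
                stats[src]["dropped"] += size
    return stats

def simulate(threshold_bps=10_000_000, link_bps=100_000_000, pkt=1250):
    """Constructed load: 10.0.0.1 blasts 90 Mbit/s; 10.0.0.2-5 send 5 Mbit/s each."""
    marker = PerSourceMarker(threshold_bps, burst_bytes=pkt)
    packets = []
    for i in range(9000):                        # 9 packets per ms = 90 Mbit/s
        packets.append(("10.0.0.1", pkt, marker.mark("10.0.0.1", pkt, i // 9)))
    for n in range(2, 6):                        # one packet every 2 ms = 5 Mbit/s
        src = f"10.0.0.{n}"
        for i in range(500):
            packets.append((src, pkt, marker.mark(src, pkt, 2 * i)))
    return strict_priority_link(packets, link_bps // 8)
```

With 110 Mbit/s offered to a 100 Mbit/s link, the four well-behaved hosts lose nothing and the chaff host alone eats the shortfall; without the marking, a FIFO link would drop from everyone proportionally.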