On (2005-05-25 14:15 -0400), Valdis.Kletnieks@vt.edu wrote:
> If you're seeing enough DoS traffic that an incorrect TOS is causing an issue for you, you probably need to find better ways to mitigate that traffic. Remember that at the *source* end, the DoS traffic is pretty minimal, and at the target end, I doubt that the TOS labelling will matter in the slightest....
We have a lot of 256k, 512k, 1024k and 2048k customers. And we're taking multiple gigabits of traffic in our AS. How would you pick 256kbps of offending prec5 stream from that traffic, and pick it immediately from the first packet, so that voice calls are not disturbed? The 256kbps can even be a legal FTP transfer that some clever kid decided to tag with prec5 since he noticed that he can get the whole capacity with it.
> I'd recommend making sure that either the AS-external traffic isn't revenue-generating, or the AS-internal traffic generates more revenue than the external, or that the people who are generating the dropped traffic are a set of captive customers. ;)
AS-internal is e.g. MPLS-VPN and SIP to PSTN-GW, things that corporate businesses rely on. I don't care about dropping Internet in favor of keeping those services running. Congestion should not happen in our network; if it happens, it's most probably an intended network disturbance,
-- 
++ytti