
Dirk Harms-Merbitz <dirk@orlando.power.net> wrote:
Seems to me that a good way of limiting damage from runaway networks/hosts would be a modification of RED (Random Early Drop).
Controlled Early Drop (CED? I just made this up, suggestions?) would allow a router to give a preference to connected networks/hosts. Packets from certain networks would have a higher chance of being dropped from a router queue than packets from other networks.
This is a packet classification problem. Here's a fragment from a test configuration file for my boxes-as-being-developed:

-------------------------------------------------------------
ip-classifier FILTER1 {
    if( srcaddr = [192.40.77.20 : 192.40.77.90] and
        ((proto = tcp and srcport <> [smtp, telnet, 512]) or
         (proto = udp and dstport = domain)) ) {
        priority-select {
            0:   class PRIORITY
            1,2: { if( tos = bulk ) blackhole
                   goto l1 }
        }
        reject
    }
    if( tos = [interactive, bulk, 017] ) class INTERACTIVE
l1:
    if( dstaddr = 199.0.55.1 and tcp-syn ) reject
    class ROUTINE
}

ip-classifier DEFAULT {
    priority-select {
        0: class ROUTINE
        1: class PRIORITY
    }
    class INTERACTIVE
}

interface E1021-0 {
    description "PL126612 to Joppa, MD"
    bandwidth 0.1G
    ip-address 144.227.0.11/24
    ip-secondary 199.0.88.11/24
    keepalive no
    out-ip-classifier FILTER1
    out-class ROUTINE     { bandwidth 0.5% ; priority 4 }
    out-class PRIORITY    { bandwidth 20% ; priority 5 }
    out-class INTERACTIVE { bandwidth 1M ; priority 7 }
    ip-peer 144.227.0.12 { out-ip-classifier DEFAULT }
    ip-peer 144.227.0.50 { mac-address 01.29.00.11.91.21 }
}

interface X123 {
    load-share [E1021-0, E1021-1, E777-0]
}
-------------------------------------------------------------

Are you netgeeks salivating yet? :)

--vadim
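Dirk's per-network drop preference, as an added Python sketch that is not part of either post: a constructed classifier table maps source prefixes to a class, and each class carries its own RED thresholds (min_th, max_th, max_p), so packets from a flagged network reach the drop ramp at a smaller average queue than everyone else. Class names, prefixes and parameters are made up for the illustration.

```python
import ipaddress
import random

# Per-class RED parameters: (min_th, max_th, max_p). Constructed values:
# the flagged class starts dropping early and steeply, the preferred
# class is dropped last.
CLASS_PARAMS = {
    "RUNAWAY":  (5,  15, 0.5),
    "ROUTINE":  (10, 30, 0.1),
    "PRIORITY": (20, 40, 0.02),
}

# Constructed classifier: source prefix -> class, first match wins.
CLASSIFIER = [
    (ipaddress.ip_network("192.40.77.0/24"), "RUNAWAY"),
    (ipaddress.ip_network("144.227.0.0/24"), "PRIORITY"),
]

def classify(srcaddr: str) -> str:
    """Map a source address to a drop class (default ROUTINE)."""
    addr = ipaddress.ip_address(srcaddr)
    for net, cls in CLASSIFIER:
        if addr in net:
            return cls
    return "ROUTINE"

def drop_probability(cls: str, avg_queue: float) -> float:
    """RED's linear ramp between min_th and max_th, thresholds per class."""
    min_th, max_th, max_p = CLASS_PARAMS[cls]
    if avg_queue < min_th:
        return 0.0
    if avg_queue >= max_th:
        return 1.0
    return max_p * (avg_queue - min_th) / (max_th - min_th)

def simulate(packets, weight=0.2, seed=1):
    """Feed packets to an overloaded link (one served per two arrivals)
    and count early drops per class. Returns {class: drops}."""
    rng = random.Random(seed)
    queue, avg = 0, 0.0
    drops = {cls: 0 for cls in CLASS_PARAMS}
    for i, src in enumerate(packets):
        cls = classify(src)
        avg = (1 - weight) * avg + weight * queue   # EWMA of queue size
        if rng.random() < drop_probability(cls, avg):
            drops[cls] += 1
        else:
            queue += 1
        if i % 2 == 1:                               # service one packet
            queue = max(0, queue - 1)
    return drops
```

Running `simulate(["192.40.77.20", "192.40.77.21", "144.227.0.12", "10.0.0.5"] * 75)` shows the flagged network absorbing nearly all of the early drops while the preferred peer is left alone.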