On Wed, Aug 15, 2007, Fred Baker wrote:
And finally why only do this during extreme congestion? Why not always do it?
I think I would always do it, and expect it to take effect only under extreme congestion.

Well, empirically (on multi-megabit customer-facing links) it takes effect immediately and results in congestion being "avoided" (for values of avoided.) You don't hit a "hm, this is fine" and "hm, this is congested"; you actually notice a much smoother performance degradation right up to 95% constant link use.

Another thing that I've done on DSL links (and this was spawned by some of Tony Kapela's NANOG stuff) is to actually rate limit (TCP SYN, UDP DNS, ICMP, etc) but what I noticed was that during periods of 90+% load TCP connections could still be established and slowly progress forward but what really busted up stuff was various P2P stuff. By also rate-limiting per-user TCP connection establishment (doing per-IP NAT maximum session counts, all in 12.4 on little Cisco 800's) the impact on bandwidth-hoggy applications was immediate. People were also very happy that their links were suddenly magically usable.

I know a lot of these tricks can't be played on fat trunks (fair queueing on 10Gig?) as I just haven't touched the equipment, but my experience in enterprise switching environments with the Cisco QoS koolaid really does show congestion doesn't have to destroy performance.

(Hm, an Ixia or two and a 7600 would be useful right about now.)

Adrian