If you are doing per-flow queuing then you can handle priority within
your queuing discipline and denial of service attacks get handled
automatically. Ultimately, a network mechanism/protocol that lets
misbehaving flows be traced back to their source is going to be
important.
- Stefan
> -----Original Message-----
> From: John Snell [SMTP:geigudr@cs.washington.edu]
> Sent: Friday, May 15, 1998 9:00 PM
> To: syn@cs.washington.edu
> Subject: ack priority
>
> On Thu, 14 May 1998 savage@cs.washington.edu wrote:
>
> > Date: Thu, 14 May 1998 18:00:20 -0700
> > From: savage@cs.washington.edu
> > To: tom@emigrant, syn@cs
> > Subject: RE: tomorrow's meeting
> >
> > I'd like to suggest the following for small simulations (some easy,
> some
> > harder):
> >
> > 5) ACK priority. Dropping other traffic in defference to ACKs.
> > What effect does this have on congested link? Interplay with ECN?
> >
> > 6) SYN priority (same as ACK)... how does this effect
>
> Either one. Question: What does "priority" precisely mean? Does
> that
> mean that, if I, as bastard@inter.net start sending a pure stream of
> acks
> through your router, you stop transferring any other data? When I see
> those two statements, I think of "syn flood."
>
> In general, I'm curious as to how priority schemes like this hold up
> in an
> non-altruistic network.
>
>
>
> ______________________________________________________________________
> _______
> "One of these days, I'm going to implement a new method of controlling
>
> network flow: Selective Negative Acknowledgements -- If for no other
> reason than the opportunity write about SNAKs."
>
>
>