Didn't we have a solution to this problem? And the UDP flood from
Real? And a host of other problems with saturated links?
My operational issue is: what is the status of RED? Being small and
only having cisco and *nix routers, I'd expect it was widely deployed.
William Allen Simpson wrote:
My operational issue is: what is the status of RED? Being small and
only having cisco and *nix routers, I'd expect it was widely deployed.
Have some additional deployment data here that some may find
interesting:
http://condor.depaul.edu/~jkristof/red/
Note the decrease in packet drops during this experiment when RED was
enabled. If I ever get around to it, I have more data from later
experiments that I'll add to that page.
John
Didn't we have a solution to this problem? And the UDP flood from
Real? And a host of other problems with saturated links?
My operational issue is: what is the status of RED? Being small and
only having cisco and *nix routers, I'd expect it was widely
deployed.
RED alone doesn't help much against flooding attacks. You'd need
something like "RED with penalty box" or (flow-based) WFQ, and those
are either in research status or have other fundamental problems.
Don't get me wrong, RED is extremely cool - buy only routers that
support this at line rate, and configure it on any interface where you
expect even a slight chance of congestion.