
Re: host-centric draft



On 1-mrt-04, at 15:16, Kurt Erik Lindqvist wrote:

>> That's why I think we should only perform reachability checks when we
>> already know or at least have a strong suspicion that something is
>> wrong.
>>
>> One possible exception is session establishment: it might be useful to
>> try several setup attempts in parallel, as the one that completes the
>> fastest is probably also the one that offers best performance during
>> the session.
>
> Doesn't this open up a new DDoS? Interrupt the transport on both
> sides, or at a (or multiple) site exit router, enough to cause a storm
> of setup attempts?

Would the interruption of the transport in and of itself be a DoS you need to worry about?? :-(


I think having two, three or four SYNs at the same time is ok as long as we only do this once every X seconds rather than several times a second which could happen with HTTP. Also, we may want to include a TCP option that lets the server know different SYNs are part of the same session setup attempt so the server can react in a smarter way. (For instance, delay SYN+ACKs a bit for less-preferred addresses and throw away the remaining half-open TCP sessions when one completes.)
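As an added illustration (not code from this thread or from the draft), the server-side behaviour sketched in the last paragraph, simulated in Python: SYNs carrying a hypothetical setup-id TCP option are grouped per client and attempt, a new burst is accepted at most once per X seconds and capped at four SYNs, SYN+ACKs toward less-preferred addresses are delayed, and the remaining half-open entries are released as soon as one handshake completes. The option, the client identifiers and the addresses are all assumed for the example.

```python
class ParallelSynServer:
    """Simulated server-side handling of a parallel session-setup attempt.

    Assumes a hypothetical TCP option carrying a per-attempt setup_id, so the
    server can tell which SYNs belong to one attempt (the option is only
    proposed in the thread; nothing here touches a real TCP stack).
    """

    def __init__(self, min_interval=1.0, nonpreferred_delay=0.2, max_parallel=4):
        self.min_interval = min_interval              # one burst per client per X seconds
        self.nonpreferred_delay = nonpreferred_delay  # SYN+ACK delay for less-preferred addresses
        self.max_parallel = max_parallel              # cap on half-open entries per attempt
        self.last_burst = {}                          # client -> time its last burst was accepted
        self.half_open = {}                           # (client, setup_id) -> list of (dst, delay)

    def on_syn(self, client, setup_id, dst, preferred, now):
        """Return the action for one SYN: 'drop' or the SYN+ACK delay to apply."""
        key = (client, setup_id)
        if key not in self.half_open:
            last = self.last_burst.get(client)
            if last is not None and now - last < self.min_interval:
                return "drop"                         # new burst too soon: rate-limited
            self.last_burst[client] = now
            self.half_open[key] = []
        if len(self.half_open[key]) >= self.max_parallel:
            return "drop"                             # more SYNs than one attempt may carry
        delay = 0.0 if preferred else self.nonpreferred_delay
        self.half_open[key].append((dst, delay))
        return f"syn-ack after {delay:.1f}s"

    def on_ack(self, client, setup_id, dst):
        """Handshake completed on dst: release the attempt's other half-open entries.

        Returns the addresses whose half-open state was discarded.
        """
        entries = self.half_open.pop((client, setup_id), [])
        return [d for d, _ in entries if d != dst]


if __name__ == "__main__":
    # Constructed sample: one client opens toward three server addresses at once.
    srv = ParallelSynServer()
    print(srv.on_syn("client-a", 7, "2001:db8::1", True, 0.00))   # preferred, no delay
    print(srv.on_syn("client-a", 7, "2001:db8::2", False, 0.01))  # delayed SYN+ACK
    print(srv.on_syn("client-a", 7, "192.0.2.10", False, 0.02))   # delayed SYN+ACK
    print(srv.on_ack("client-a", 7, "2001:db8::1"))                # other two released
    print(srv.on_syn("client-a", 8, "2001:db8::1", True, 0.50))    # too soon: dropped
```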