RE: draft status, BoF, replies to issues
On Fri, 20 Feb 2004, Ross Callon wrote:
> If I am doing the math right:
>
> - 10,000,000,000 bps (OC192) divided by 40 bytes per packet
> - implies 31,250,000 packets per second are being hit by the
> filter.
>
> Assuming that the 32 bit number is a positive integer (so that you
> don't have a sign bit, and can count all the way up to (2^32)-1):
>
> This will wrap around in a little more than two minutes.
>
> Which implies that 64 bit counters are a good idea, at least in
> some cases.
This is not just theory -- we implement rate-limiting in our edge.
When we were hit by 2.5 Mpps DoS attack, the numbers jumped up to
something like 300 billion packets (AFAIR) pretty quickly. And that
wasn't even close to a line-rate attack. The situation where the
counter would have wrapped at 32 bits would have been unacceptable, as
we might not have been able to appreciate the extent of the attack.
--
Pekka Savola                  "You each name yourselves king, yet the
Netcore Oy                     kingdom bleeds."
Systems. Networks. Security.  -- George R.R. Martin: A Clash of Kings
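As an added illustration (not part of the thread), the script below reproduces Ross's wrap-time arithmetic and then shows the failure mode Pekka describes: a poller reading a 32-bit counter less often than it wraps infers a far lower packet rate than the flood actually carries, while a 64-bit counter reports it correctly. The packet rate, polling interval and single-wrap delta convention are assumptions of this example.

```python
# Added example, not code from the original mailing-list thread.
# Assumptions: a steady flood at OC-192 line rate with 40-byte packets,
# a poller that samples the counter every 300 s, and the usual
# "at most one wrap between polls" convention for counter deltas.

LINE_RATE_BPS = 10_000_000_000   # OC-192, as in Ross's calculation
PACKET_BYTES = 40
# 10 Gbit/s divided by 320 bits per packet -> 31,250,000 pps
LINE_RATE_PPS = LINE_RATE_BPS // (PACKET_BYTES * 8)


def seconds_to_wrap(bits: int, pps: float) -> float:
    """Seconds until an unsigned `bits`-wide counter wraps at a steady `pps`."""
    return (2 ** bits) / pps


def counter_delta(prev: int, cur: int, bits: int) -> int:
    """Packets counted between two polls of an unsigned `bits`-wide counter.

    Handles a single wrap (cur < prev) by reducing modulo 2**bits; if the
    counter wrapped more than once between polls, the true count is lost.
    """
    return (cur - prev) % (2 ** bits)


def observed_rate(pps: int, poll_interval: int, bits: int) -> float:
    """Simulate two polls of a `bits`-wide hardware counter under a steady
    flood of `pps` packets/s and return the rate the poller would infer."""
    true_delta = pps * poll_interval
    prev = 0                                   # first poll
    cur = (prev + true_delta) % (2 ** bits)    # what the hardware reports
    return counter_delta(prev, cur, bits) / poll_interval


if __name__ == "__main__":
    print(f"line rate: {LINE_RATE_PPS:,} pps")
    for bits in (32, 64):
        print(f"{bits}-bit counter wraps after "
              f"{seconds_to_wrap(bits, LINE_RATE_PPS):,.1f} s at line rate")
    # 2.5 Mpps flood from the reply: 32-bit counter wraps in under 30 minutes
    print(f"32-bit wrap at 2.5 Mpps: {seconds_to_wrap(32, 2_500_000):,.0f} s")
    # A 300 s poll cycle spans more than two wraps at line rate, so the
    # inferred rate is a small fraction of the real one.
    for bits in (32, 64):
        rate = observed_rate(LINE_RATE_PPS, 300, bits)
        print(f"poller sees {rate:,.0f} pps with a {bits}-bit counter")
```

With a 300-second poll the 32-bit counter has wrapped twice, so the poller infers roughly 2.6 Mpps for a 31.25 Mpps flood; the 64-bit counter yields the true rate.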