RE: draft status, BoF, replies to issues



On Sat, 21 Feb 2004, Pekka Savola wrote:

> On Fri, 20 Feb 2004, Ross Callon wrote:
> > If I am doing the math right:
> >
> >          - 10,000,000,000 bps (OC192) divided by 40 bytes per packet
> >          - implies 31,250,000 packets per second are being hit by the
> >            filter.
> >
> > Assuming that the 32 bit number is a positive integer (so that you
> > don't have a sign bit, and can count all the way up to (2^32)-1):
> >
> > This will wrap around in a little more than two minutes.
> >
> > Which implies that 64 bit counters are a good idea, at least in
> > some cases.
>
> This is not just theory -- we implement rate-limiting in our edge.
> When we were hit by 2.5 Mpps DoS attack, the numbers jumped up to
> something like 300 billion packets (AFAIR) pretty quickly.  And that
> wasn't even close to a line-rate attack.  The situation where the
> counter would have wrapped at 32 bits would have been unacceptable, as
> we might not have been able to appreciate the extent of the attack.

That being said, I'm inclined to leave it where it is now: 32 bit
MUST, 64 bit SHOULD.  Rational ?

On counter resets, should a distinction be made between resetting the
counter and the display? (and how does this fit with practice...not
knowing how things are implemented)?

And, Pekka, I am really truly working my way up the stack to your
comments.

George M. Jones    |  PHB: "A good manager hires people smarter than himself."
                   |  Dilbert: "We're doomed.  The CEO is the dumbest man in
                   |  the company".  Wally: "Or they're all bad managers".
                   |
gmj@pobox.com
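
The wrap-around arithmetic discussed in this thread, as an added example that is not part of the original messages: it computes how long a 32-bit filter counter lasts at the rates quoted above and shows what a poller reconstructs once the counter wraps more than once between readings. The polling intervals and the function names are assumptions chosen for illustration.

```python
# Added example: filter hit-counter wrap-around at the rates quoted in the thread.
OC192_BPS = 10_000_000_000   # link rate from the thread
MIN_PACKET_BYTES = 40        # packet size from the thread


def packets_per_second(link_bps, packet_bytes):
    """Packets per second when the link is full of packets of this size."""
    return link_bps / (packet_bytes * 8)


def seconds_to_wrap(counter_bits, pps):
    """Seconds for an unsigned counter starting at zero to wrap."""
    return (2 ** counter_bits) / pps


def wrap_aware_delta(prev, curr, counter_bits):
    """Difference of two readings; correct only if at most one wrap occurred."""
    return (curr - prev) % (2 ** counter_bits)


def polled_total(pps, poll_interval_s, polls, counter_bits):
    """Packet total a poller reconstructs from periodic counter readings."""
    modulus = 2 ** counter_bits
    true_count = 0       # what the filter really matched
    prev_reading = 0
    total = 0
    for _ in range(polls):
        true_count += int(pps * poll_interval_s)
        reading = true_count % modulus   # what the device reports
        total += wrap_aware_delta(prev_reading, reading, counter_bits)
        prev_reading = reading
    return total


if __name__ == "__main__":
    pps = packets_per_second(OC192_BPS, MIN_PACKET_BYTES)
    print(f"line rate: {pps:,.0f} pps")
    print(f"32-bit wrap at line rate: {seconds_to_wrap(32, pps):.1f} s")
    print(f"32-bit wrap at 2.5 Mpps:  {seconds_to_wrap(32, 2.5e6) / 60:.1f} min")
    # Assumed polling schedules: 10 polls at 60 s, and 2 polls at 300 s.
    for interval, polls in ((60, 10), (300, 2)):
        for bits in (32, 64):
            seen = polled_total(pps, interval, polls, bits)
            print(f"{interval:>3} s poll, {bits}-bit: {seen:,} packets counted")
```

Polling faster than the wrap time recovers the true total from a 32-bit counter; once the interval exceeds it, whole multiples of 2^32 packets drop out of the reconstructed total with nothing in the readings to show it.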