Re: Layer 2 access and Current Practices

On Thu, 3 Mar 2005 15:01:31 -0500
"Howard C. Berkowitz" <hcb@gettcomm.com> wrote:

> >>      Rate limiting is used by some ISPs although other ISPs believe it is
> >>      not really useful since attackers are not well behaved and it doesn't
> >>      provide any operational benefit over the complexity.  Rate limiting
> >>      can be improved by (need info)'
> >>
> >>  I'm not sure if this is the improvement you had in mind, Merike, but
> >>  rate limiting at layer 2 will be much more important if the L2
> >>  connectivity includes end user, easily compromised hosts.  L2 rate
> >>  limiting within the provider infrastructure seems a much lower
> >>  priority.

Again I'm catching up and not replying to the original message...

Just to throw this out there... what I've always thought would be
really useful to have is not so much a rate limiter, but to have those
edge L2 ports 'mark' packets based on an average rate.  A simple
binary marking scheme, as an example, would be 'mark packets X if the
rate is at or below A, mark packets Y if the rate is above A'.  This
mark could then be mapped at the IP ingress and used to drop, rate
limit, put into a special queue or whatever.