nanog mailing list archives

Re: Level3 routing issues?


From: "Jack Bates" <jbates () brightok net>
Date: Sat, 25 Jan 2003 16:53:09 -0600


From: "Robert A. Hayden"


What about doing some priority-based QoS?  If a single IP exceeds X amount
of traffic, prioritize traffic above that threshold as low.  It would keep
any one single host from saturating a link if the threshold is low.

For example, you may say that each IP is limited to 10mb of priority
traffic.  Yes, a compromised host may try to barf out 90mb of chaff, but
the excess would be moved down the totem pole.

<snip>

Down the totem pole isn't off the totem pole. In most cases the issue wasn't
traffic priority. Most network equipment isn't designed to handle 100%
capacity from all ports. Under standard operation, maximum capacity is never
reached. It is cost prohibitive to support it. In addition, this was a dual
issue. Not only did the bandwidth saturate, the packets are so small that in
reaching for 100% saturation, many routers and switches first exceeded their
maximum pps thresholds. The best defense is to monitor and know your
traffic. When traffic becomes uncommon, someone needs to be alerted. A 30%
processor increase is not a good thing; ever. Second, know the optimizations
for your particular equipment and code. Each piece of equipment has its own
optimizations. In my case, it was better to access-list at the router level
than to run bandwidth limiting, and I run a crummy 7200. It's even nicer on
a 7500+ where it's offloaded to the linecard processors. If a portion of the
network or a specific port is unrecoverable, shut it down. The server won't
be able to handle traffic anyways, and it is better to cut off a portion of
the network than lose the entire network.

Jack Bates
Network Engineer
BrightNet Oklahoma
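The post's advice to "monitor and know your traffic", and its point that a flood of small packets exhausts a router's pps budget well before the link is full, can be turned into a concrete check. The following is an added example written for this archive page; it is not code from Jack Bates or from the thread. It assumes SNMP-style cumulative interface counters (octets and unicast packets) plus a CPU-busy reading polled at a fixed interval, and the counter samples, the 3x pps threshold, the 128-byte "small packet" cut-off and the 30-point CPU jump are all constructed assumptions chosen to illustrate the argument.

```python
"""Baseline-based alerting over router counter samples (added example).

Constructed data, not from the original post: two 60-second poll windows of
SNMP-style interface counters and a CPU reading. The check computes bits per
second, packets per second and average packet size from the counter deltas,
so that a small-packet flood shows up in pps and packet size even when the
link's bit rate still looks tolerable, and it flags a CPU jump separately.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    t: float        # poll time in seconds (any monotonic clock)
    octets: int     # cumulative ifInOctets-style counter
    pkts: int       # cumulative ifInUcastPkts-style counter
    cpu: float      # CPU busy percentage, 0-100


@dataclass(frozen=True)
class Rate:
    bps: float
    pps: float
    avg_pkt_bytes: float


def rate(prev: Sample, cur: Sample, counter_bits: int = 32) -> Rate:
    """Turn two cumulative counter readings into per-second rates.

    Counter wrap is handled modulo 2**counter_bits: classic 32-bit SNMP
    octet counters wrap in well under a minute on a busy 100 Mb link, and a
    naive subtraction would then report a huge negative delta.
    """
    dt = cur.t - prev.t
    if dt <= 0:
        raise ValueError("samples must be in increasing time order")
    mod = 1 << counter_bits
    d_oct = (cur.octets - prev.octets) % mod
    d_pkt = (cur.pkts - prev.pkts) % mod
    avg = d_oct / d_pkt if d_pkt else 0.0
    return Rate(bps=d_oct * 8 / dt, pps=d_pkt / dt, avg_pkt_bytes=avg)


def check(baseline: Rate, baseline_cpu: float, cur: Rate, cur_cpu: float,
          pps_factor: float = 3.0, small_pkt_bytes: float = 128.0,
          cpu_jump: float = 30.0) -> list[str]:
    """Return alert strings for the conditions the post calls out.

    Thresholds are assumptions for this example: pps above pps_factor times
    the baseline, average packet size collapsing below small_pkt_bytes while
    pps is up, and CPU busy rising cpu_jump percentage points over baseline.
    """
    alerts = []
    if baseline.pps > 0 and cur.pps > pps_factor * baseline.pps:
        alerts.append(f"pps {cur.pps:.0f} exceeds {pps_factor:g}x baseline "
                      f"{baseline.pps:.0f} (bps only {cur.bps / baseline.bps:.1f}x)")
    if cur.avg_pkt_bytes < small_pkt_bytes and cur.pps > baseline.pps:
        alerts.append(f"small-packet flood: avg {cur.avg_pkt_bytes:.0f} B/pkt")
    if cur_cpu - baseline_cpu >= cpu_jump:
        alerts.append(f"cpu {cur_cpu:.0f}% is {cur_cpu - baseline_cpu:.0f} "
                      f"points over baseline {baseline_cpu:.0f}%")
    return alerts


# Constructed samples. The first counter sits just below the 32-bit wrap so
# the wrap handling is exercised. Window 1 is the quiet baseline (20 Mb/s of
# ~500-byte packets); window 2 is a flood of ~100-byte packets that only
# triples the bit rate but multiplies the packet rate fifteen-fold.
S0 = Sample(t=0.0, octets=2**32 - 100_000_000, pkts=0, cpu=20.0)
S1 = Sample(t=60.0, octets=50_000_000, pkts=300_000, cpu=22.0)
S2 = Sample(t=120.0, octets=500_000_000, pkts=4_800_000, cpu=58.0)


def run_example() -> tuple[Rate, Rate, list[str]]:
    """Compute baseline and current rates from the samples and the alerts."""
    baseline = rate(S0, S1)
    current = rate(S1, S2)
    return baseline, current, check(baseline, S1.cpu, current, S2.cpu)


if __name__ == "__main__":
    b, c, alerts = run_example()
    print(f"baseline: {b.bps / 1e6:.0f} Mb/s, {b.pps:.0f} pps, {b.avg_pkt_bytes:.0f} B/pkt")
    print(f"current:  {c.bps / 1e6:.0f} Mb/s, {c.pps:.0f} pps, {c.avg_pkt_bytes:.0f} B/pkt")
    for a in alerts:
        print("ALERT:", a)
```

A bit-rate-only threshold at, say, 80 Mb/s would never fire on the second window, since the link runs at 60 Mb/s; the pps and packet-size checks are what catch it. The baseline here is a single prior window for brevity; in practice you would keep a rolling average per interface and alert on deviation from that.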



