On Mon, Jul 20, 2015 at 10:32 PM, Brian Kantor <Brian(a)ucsd.edu> wrote:
> There's no QoS policy in effect, but 'amprgw' is getting hammered
> at the moment, with inbound packet drops peaking in the 25% range
> so performance is going to be horrible.
>
> It's hard to see precisely what's happening but it looks like multiple
> hosts (possibly a botnet) are sweeping through the 44/8 range looking
> for something.
>
> There's not much we can do about this in the short term. Long term
> includes a higher-performance machine with faster network interfaces.
> - Brian

In the short term, why not blackhole our unused IP space? If they're
sweeping, this should significantly cut the inbound traffic.

In the long term, if we mitigate attacks like this, it will make
CAIDA's research much less interesting. If that is a problem for them,
maybe they can put some of that research grant money towards an
upgraded amprgw.

Another long term solution is moving to a system of regional AMPR
gateways. (I believe this has already been discussed.) This would
divide 44/8 between enough routers that the aggregate inbound traffic
capacity would be much higher.

Tom KD7LXL