[182737] in North American Network Operators' Group
Re: UDP clamped on service provider links
daemon@ATHENA.MIT.EDU (Ted Hardie)
Thu Jul 30 17:04:26 2015
X-Original-To: nanog@nanog.org
In-Reply-To: <20150730154552.63a3ecd5@localhost>
Date: Thu, 30 Jul 2015 14:04:20 -0700
From: Ted Hardie <ted.ietf@gmail.com>
To: John Kristoff <jtk@cymru.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
On Thu, Jul 30, 2015 at 1:45 PM, John Kristoff <jtk@cymru.com> wrote:
> On Mon, 27 Jul 2015 19:42:46 +0530
> Glen Kent <glen.kent@gmail.com> wrote:
>
>
> > Is there a reason why this is often done so? Is this because UDP
> > is stateless and any script kiddie could launch a DOS attack with a
> > UDP stream?
>
> State, some form of sender verification and that it and most other
> commonly used protocols besides TCP do not generally react to implicit
> congestion signals (drops usually).
>
>
Hmmm. The WebRTC stack has a pretty explicit form of getting and then
maintaining consent; it also rides on top of UDP (SRTP/UDP for media and
SCTP/DTLS/UDP for data channels). Because both media and data channels go
from peer to peer, it has no preset group of server addresses to white list
(the only way I can see to do that would be to force the use of TURN and
white list the TURN server, but that would be problematic for
performance). How will you support it if the default is to throttle UDP?
Clue welcome,
Ted