[183978] in North American Network Operators' Group
correlation between ingress and egress traffic in case of
daemon@ATHENA.MIT.EDU (Martin T)
Wed Sep 23 12:07:12 2015
X-Original-To: nanog@nanog.org
Date: Wed, 23 Sep 2015 19:07:09 +0300
From: Martin T <m4rtntns@gmail.com>
To: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
Hi,
volume-based DDoS attacks should often result with following bandwidth graphs:
http://s12.postimg.org/gy3eps10t/volume_based_DDo_S_graph.png
This is a fabricated bps graph for 100GigE port facing an uplink
provider. As seen on the image, outgoing traffic drops at the time
when incoming traffic increases. I could see following reasons for
this:
1) large portion of traffic uses TCP protocol and in case of
congestion(even in one direction), ACK messages are lost and TCP
congestion avoidance kicks in and as a result it will reduce the cwnd
which in effect reduce the data TCP sender can send
2) certain router platforms share some hardware resources both with Tx
and Rx traffic
Are those assumptions correct? Are there any other reasons which cause
outgoing traffic to drop if incoming traffic is very high or the other
way around?
thanks,
Martin
