[5055] in North American Network Operators' Group


SYN flooding -- drop policies

daemon@ATHENA.MIT.EDU (Vadim Antonov)
Sun Oct 6 23:30:00 1996

Date: Sun, 6 Oct 1996 20:14:10 -0700
From: Vadim Antonov <avg@quake.net>
To: nanog@merit.edu

Mike O'Dell suggested using drop oldest in some situations.

Unfortunately it is about as good as RED if the source of good
SYNs is deterministic, and is *much* worse than RED if it
is bursty.  Assuming that the source of bad SYNs is deterministic,
as is the server, and good SYNs come as a Poisson process, the chances
of good SYN survival with RED are about 1-e^-1 times better
than with Drop Oldest.  With a self-similar SYN inter-arrival
pattern (there are some indications that it's like that) the
advantage of RED is even bigger.

I didn't do any serious research on that, so the result is of the
"back of the envelope" kind, but it does make some intuitive sense.

It should also be observed that tail-drop at the customer access
gateway would reduce the usefulness of RED (or Drop Oldest),
particularly when the flood rate comes closer to link capacity.

The question of what max. queue length is best remains
pretty much open, as does how it interacts with back-off
SYN retransmissions.

--vadim
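The drop-policy comparison in the post above, as an added example that is not part of Vadim's message or of any router vendor's code: a small discrete-event model of a SYN backlog under a flood, run with tail-drop, Drop Oldest and a random-eviction policy that stands in for RED's random discard. Everything about the model is my own simplifying assumption: the backlog starts full of flood entries, flood SYNs arrive at a fixed rate and never complete, good SYNs arrive as a Poisson process and complete only if their entry is still present one RTT later, and there is no SYN timeout and no server-side service (so the interaction with back-off retransmissions the post leaves open is not modelled either). The two closed forms cover a lone good SYN at a random phase relative to the flood; the parameters in the `__main__` block (8 backlog entries, 40 flood SYNs/s, 1 good SYN/s, RTTs of 0.1 s and 0.25 s) are constructed for illustration.

```python
"""Toy discrete-event model of a SYN backlog under a SYN flood.

Added example, not code from the NANOG post.  Assumptions (mine):
- The backlog holds at most n half-open entries and starts full of flood entries.
- Flood SYNs arrive deterministically, one every 1/flood_rate seconds, and never
  complete (no ACK ever comes); there is no SYN timeout and no server-side
  service, so the only ways out of the backlog are eviction and completion.
- Good SYNs arrive as a Poisson process; a good SYN completes if its entry is
  still in the backlog when its ACK arrives, rtt seconds later.
- On arrival to a full backlog the policy decides: 'tail' drops the newcomer,
  'oldest' evicts the oldest entry, 'random' evicts a uniformly random entry
  (a crude stand-in for RED's random discard).
"""
import heapq
import math
import random


def _evictions_during_rtt(flood_rate, rtt):
    """Flood arrivals inside an RTT window at a random phase: floor(x) with
    probability 1-frac and floor(x)+1 with probability frac, x = rate*rtt."""
    x = flood_rate * rtt
    k = math.floor(x)
    return k, x - k


def survival_drop_oldest(n, flood_rate, rtt):
    """Closed form for a lone good SYN: it is evicted by the n-th later
    arrival, so it survives iff fewer than n flood SYNs arrive before its ACK."""
    k, frac = _evictions_during_rtt(flood_rate, rtt)
    return (1.0 - frac) * float(k < n) + frac * float(k + 1 < n)


def survival_random_drop(n, flood_rate, rtt):
    """Closed form for a lone good SYN: each later arrival evicts it with
    probability 1/n, independently of the others."""
    k, frac = _evictions_during_rtt(flood_rate, rtt)
    p = 1.0 - 1.0 / n
    return (1.0 - frac) * p ** k + frac * p ** (k + 1)


def simulate(policy, n, flood_rate, rtt, good_rate, horizon, seed=1):
    """Fraction of good SYNs whose handshake completed under `policy`."""
    if policy not in ("tail", "oldest", "random"):
        raise ValueError(policy)
    rng = random.Random(seed)
    events = []                          # heap of (time, seq, kind, entry_id)
    seq = 0

    def schedule(t, kind, eid=None):
        nonlocal seq
        heapq.heappush(events, (t, seq, kind, eid))
        seq += 1

    j = 1
    while j / flood_rate <= horizon:     # deterministic flood arrivals
        schedule(j / flood_rate, "syn-flood")
        j += 1
    t = rng.expovariate(good_rate)       # Poisson good arrivals
    while t <= horizon - rtt:            # only good SYNs whose ACK falls inside the run
        schedule(t, "syn-good")
        t += rng.expovariate(good_rate)

    backlog = list(range(n))             # entry ids, oldest first; pre-filled by the flood
    next_id = n
    good_total = good_completed = 0
    while events:
        t, _, kind, eid = heapq.heappop(events)
        if kind == "ack":
            if eid in backlog:           # still half-open: handshake completes
                backlog.remove(eid)
                good_completed += 1
            continue
        eid, next_id = next_id, next_id + 1
        if kind == "syn-good":
            good_total += 1
        if len(backlog) >= n:
            if policy == "tail":
                continue                 # newcomer dropped, good or not
            if policy == "oldest":
                backlog.pop(0)
            else:
                backlog.pop(rng.randrange(len(backlog)))
        backlog.append(eid)
        if kind == "syn-good":
            schedule(t + rtt, "ack", eid)
    return good_completed / good_total if good_total else float("nan")


if __name__ == "__main__":
    N, RATE, GOOD = 8, 40.0, 1.0         # constructed: 40 flood SYN/s, 1 good SYN/s
    for rtt in (0.1, 0.25):
        print(f"rtt={rtt}: flood arrivals per RTT = {RATE * rtt:.0f}, backlog = {N}")
        for policy in ("tail", "oldest", "random"):
            print(f"  {policy:7s} simulated {simulate(policy, N, RATE, rtt, GOOD, 2000.0):.3f}")
        print(f"  closed form: oldest {survival_drop_oldest(N, RATE, rtt):.3f}, "
              f"random {survival_random_drop(N, RATE, rtt):.3f}")
```

Under these assumptions tail-drop lets nothing through once the backlog is full, Drop Oldest is a step function of the RTT (every good SYN survives while the flood delivers fewer than n SYNs per RTT, none once it delivers more), and random eviction decays smoothly as (1-1/n) per arrival, so it loses to Drop Oldest below the step and wins above it. The post's burstiness and self-similarity points are outside this model, which only uses a Poisson good source.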
