On 2009-03-27 22:14, Matthew Moyle-Croft wrote: ...
I have ports on IXes where other companies have 40x the bandwidth I do. (I have 1GE, they have 40GE). If the other party was to be allowed 10% of their traffic as "high priority" then easily I could have my entire port taken over by one organisation, even if that was NOT WHAT I WANTED.
I agree that simple priority is totally broken for exactly this reason. Actually this is why Diffserv (RFC2474/RFC2475 etc) was designed. You need classification and traffic shaping at every ingress, so that you can share the capacity fairly (i.e. neutrally). My personal prejudice is that this is useful to do at points where bandwidth is precious, but in an IXP I'd be surprised if classification and shaping hardware with enough throughput at every ingress would work out cheaper than adding bandwidth.
Priority for IXes is pointless. No one that I'm aware of does differential priority on their Internet networks which can be accessed externally. (Nothing like making a DDoS really effective). Why? Because priority is about trust relationships. Fundamentally the Internet is untrustworthy. Therefore I can't trust any markings coming externally. How do I know a peer is really trustworthy or that their customers are?
That's why you'd have to classify and shape at *every* ingress. There are ideas about doing that as a way to limit DOS traffic, but it won't be free.

Brian
If people want to organise standard passing of priority bits for non-Internet traffic, then that's all well and good. But I suspect the relationship will have to be very different to the nature of Internet IXes.
MMC