Re: [proto-quic] On the use of udp -- too dangerous


Cameron Byrne 16-Dec-2014 21:14
Posted in group: QUIC Prototype Protocol Discussion group


On Tue, Dec 16, 2014 at 4:45 PM, Ryan Hamilton <r...@chromium.org> wrote:
We considered this possibility when we started working on QUIC. We ran extensive tests in which we sent UDP packets from Chrome browsers all over the world to UDP server in various data centers. We saw a very high success rate. Now that we're farther along in the project we have experience running QUIC in the real world; actually browsing the web using QUIC. So far, it seems to work. But it's definitely possible that as we ramp up, we will hit unexpected obstacles like the ones you outline. It should be an exciting process!

I hope the SREs are up for that level of excitement.

In my case, the policers are at some multiple of the normal busy-hour traffic profile for UDP, and UDP is a very modest portion of overall traffic. Generally, this is great at catching DDoS traffic while not impacting daily life.

But if ... YouTube were to flip over to QUIC, it would be game over real quick.

At which point I will link the SRE to this thread for their RFO.

Cameron


Cheers,

Ryan

On Tue, Dec 16, 2014 at 4:28 PM, Cameron Byrne <cby...@gmail.com> wrote:
folks,

I brought this issue up over a year ago here.

Aside from DNS, UDP is the L4 protocol of volumetric abuse. Many networks have put in place network bandwidth and pps policers for UDP traffic. QUIC needs to adopt its own proper L4 protocol number to be distinct from the policed abuse that happens as a result of reflection attacks associated with DNS, NTP, chargen, SSDP and others on UDP.

I understand you think that UDP is easier for you to get around today's CPE NATs, but I am telling you the UDP packets drop when they cross this policing threshold, and QUIC will be in a very unhappy place.

It's not just a cute slogan: UDP is unreliable, and there is no cute way around a router policer dropping UDP.

It would be prudent to use something like RFC 6555 Happy Eyeballs to fail back off of QUIC, or between UDP QUIC and a new L4 QUIC. Unfortunately, the situation with UDP gets worse and worse by the day. I strongly suggest the QUIC Googlers talk to the netops security Googlers about the scope of these UDP reflection attacks and the state of practice in dealing with them... Then you will see that QUIC cannot thrive on UDP. UDP is not a clean slate, it is a sewer.

Regards,

Cameron

--
You received this message because you are subscribed to the Google Groups "QUIC Prototype Protocol Discussion group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to proto...@chromium.org.

To post to this group, send email to proto...@chromium.org.
For more options, visit https://groups.google.com/a/chromium.org/d/optout.

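A token-bucket model of the per-link UDP policer Cameron describes, as an added example that is not code from this thread: a policer set at a multiple of the busy-hour UDP rate passes the UDP-only baseline untouched, but discards roughly half of the packets once a large share of the link's traffic flips to QUIC over UDP. The traffic figures, the 3x multiple and the 50% QUIC share are constructed assumptions, as is the single-bucket policer itself.

```python
from dataclasses import dataclass, field

@dataclass
class TokenBucketPolicer:
    """Admits at most rate_pps packets/s with a burst of `burst` packets (single bucket)."""
    rate_pps: float
    burst: float
    tokens: float = field(init=False)

    def __post_init__(self) -> None:
        self.tokens = self.burst  # bucket starts full

    def offer(self, packets: int, dt: float = 1.0) -> int:
        """Offer `packets` arriving over `dt` seconds; return how many are dropped."""
        self.tokens = min(self.burst, self.tokens + self.rate_pps * dt)
        admitted = min(packets, int(self.tokens))
        self.tokens -= admitted
        return packets - admitted

# Constructed hourly samples (packets/s): UDP-only baseline (DNS, NTP and the like)
# and total traffic on the same link; UDP is a modest share of the total.
BASELINE_UDP_PPS = [900, 700, 1200, 2000, 1800, 1100]
TOTAL_PPS = [18000, 14000, 24000, 40000, 36000, 22000]
POLICER_MULTIPLE = 3.0  # assumption: policer set at 3x the busy-hour UDP rate
QUIC_SHARE = 0.5        # assumption: half of the non-UDP traffic flips to QUIC

def policer_rate(baseline_pps, multiple=POLICER_MULTIPLE):
    """Policer threshold: a multiple of the busy-hour peak of the UDP baseline."""
    return multiple * max(baseline_pps)

def quic_udp_trace(udp, total, share=QUIC_SHARE):
    """UDP profile after `share` of the non-UDP traffic moves to QUIC over UDP."""
    return [int(u + share * (t - u)) for u, t in zip(udp, total)]

def run_policer(trace, rate_pps, burst):
    """Drops per sample when `trace` is pushed through a fresh policer."""
    policer = TokenBucketPolicer(rate_pps, burst)
    return [policer.offer(n) for n in trace]

def drop_fraction(trace, rate_pps, burst):
    """Share of offered packets the policer discards over the whole trace."""
    return sum(run_policer(trace, rate_pps, burst)) / sum(trace)

if __name__ == "__main__":
    rate = policer_rate(BASELINE_UDP_PPS)
    quic = quic_udp_trace(BASELINE_UDP_PPS, TOTAL_PPS)
    print("baseline UDP dropped:", drop_fraction(BASELINE_UDP_PPS, rate, rate))  # 0.0
    print("after QUIC shift:", drop_fraction(quic, rate, rate))  # about 0.55
```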