--
You received this message because you are subscribed to the Google Groups "cap-talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cap-talk+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cap-talk/87v9ptak3g.fsf%40dustycloud.org.
what does erlang do? ;-)
> There is another approach, credit based flow control, that might be more
> appropriate for ocap systems. The idea is simple. The receiver gives the
> sender a credit for something, say number of messages, number of network
> packets, amount of data, or whatever. The sender then keeps track of its
> available credits and stops sending when they are exhausted. (Data sent
> without a credit is dropped by the receiver.) The receiver provides new
> credits to the sender when it can handle the traffic.
Initially I thought about something similar but using something more
along the lines of actual money, but that seemed to result in a
turtles-all-the-way-down problem, because the money system itself would
probably have to have its own protocol which may suffer from
backpressure problems.
money" is that a malicious user could open up many connections from many
different machines to "get more work done". So in a sense, does the
system you're talking about require a certain amount of cooperation to
not abuse?
A cooperative approach, by contrast, makes a lot of sense... Vat A would
like to talk to Vat C, Vat C gives Vat A 30 tokens to spend on messages
before it can send more messages. *That* makes a lot of sense to me
without a "shoulder accountant angel/demon" watching over every message
sent and can be done automatically. It is vulnerable to a DDOS (but so
is link saturation by brute force overloading with garbage packets) but
it does help for scheduling cooperation.
Of course, the problem with *not* using something resembling "realmoney" is that a malicious user could open up many connections from manydifferent machines to "get more work done". So in a sense, does thesystem you're talking about require a certain amount of cooperation tonot abuse?
--
You received this message because you are subscribed to the Google Groups "cap-talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cap-talk+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cap-talk/87k1689vj6.fsf%40dustycloud.org.
To view this discussion on the web visit https://groups.google.com/d/msgid/cap-talk/CAK-_AD7yMmUu%2BDusTrFfqG_xOD5VvM06y3b7Z9WxTiUzhDxwnA%40mail.gmail.com.
Credit based flow control is most commonly used in datacenter networks, where the switches are cooperating to get the traffic through. Any kind of abuse is typically handled by throttling at the ingress point.
The idea was regarding resource consumption on run
hosts. Basically an run host is a vat host where
the vats are each metered on cpu time, memory usage
over time and outgoing bandwith.
Incomming messages also have postage.
(the stamps used are basically macaroons whose
initial issuer is the runhost itself. Due to
expury/only-before on those there is a demurrage
effect, so long term hoarding for later DOSing is
quite mitigated)
Each run host is also a mint of tokens/units/whathaveyou which is the only acceptable currency
to pay these costs.
Runhosts trade those token between themselfs andor
kiosks (service directories).
With upcomming extensions to Tor hidden services
one could use the stamps used in incomming messages
described above to do connection establishment rate
limiting. (The extended auth portion of tor INTRO cells can carry those stamps. Meaning that the hidden
service server can check them before building a circuit back to the Rendevouz Points given in the INTRO cells)
So, ear of limted uses seem to be (r)emergent idea
in this kind of context.
The backpressure issue in the E system is a bit different than
in the general IP world. In E, there is only one TCP connection
between two vats, ensured by using the VATids during connection
setup.