Scavenger traffic is assigned a less-than-best-effort queuing treatment whenever congestion occurs

The Scavenger class is intended to provide deferential services, or less-than-best-effort services, to certain applications. Applications assigned to this class make little or no contribution to the organization. Assigning Scavenger class traffic to a minimal bandwidth queue forces the traffic to reduce to almost nothing during times of congestion, but allows it to be available if bandwidth is not being used for business purposes. A Scavenger class traffic strategy keeps normal traffic flows from being impacted by spike traffic flows such as those that could be experienced in the event of a DoS worm attack.

• All end systems generate traffic spikes.

• Sustained traffic loads beyond "normal" from each source device are considered suspect and marked as scavenger (DSCP CS1).

• No dropping at campus access-edge, only re-marking.

The figure shows an example of what happens to out-of-profile traffic when data policing is applied.

End systems can generate traffic spikes at times, but usually those spikes are not sustained. However, you do not want a traffic spike to impact the rest of the network, so you can mark down the excessive traffic to a class that gets only about one to two percent bandwidth. Once the traffic is re-marked to scavenger class, it is policed aggressively.

The same concept applies to DoS worm attack mitigation. Worms can cause sustained spikes from affected end systems, but once this out-of-profile traffic is detected, it can be marked down to a scavenger class and policed aggressively until a security application within the network removes it.

The key is not to police the out-of-profile traffic at the access edge, but rather as the traffic enters the core distribution layer. By using this principle, the out-of-profile traffic never negatively impacts the overall network.
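The access-edge behavior described above (short spikes pass untouched, sustained excess is re-marked to DSCP CS1 and still forwarded) can be modeled with a token bucket. This is an added example, not code from the original page; the 5 Mbps rate, 64 KB burst and the traffic samples are assumed values constructed for illustration.

```python
DSCP_BE = 0    # best effort (default marking)
DSCP_CS1 = 8   # Scavenger, class selector 1

class RemarkingPolicer:
    """Single-rate token bucket whose exceed action is re-mark, never drop."""

    def __init__(self, rate_bps, burst_bytes):
        self.rate_bps = rate_bps        # assumed "normal" threshold per source
        self.burst_bytes = burst_bytes  # largest spike tolerated at full speed
        self.tokens = float(burst_bytes)
        self.last = 0.0

    def police(self, t, size, dscp):
        """Return the DSCP the packet leaves the access edge with."""
        refill = (t - self.last) * self.rate_bps / 8
        self.tokens = min(self.burst_bytes, self.tokens + refill)
        self.last = t
        if size <= self.tokens:
            self.tokens -= size
            return dscp          # in profile: marking untouched
        return DSCP_CS1          # out of profile: forwarded as Scavenger

def run(packets, rate_bps=5_000_000, burst_bytes=64_000):
    """packets: (time_s, size_bytes, dscp) tuples from one source device."""
    policer = RemarkingPolicer(rate_bps, burst_bytes)
    return [policer.police(t, size, dscp) for t, size, dscp in packets]

def scavenger_share(marks):
    """Fraction of forwarded packets that now carry CS1."""
    return marks.count(DSCP_CS1) / len(marks)

# Constructed traffic: 1500-byte packets sent every 0.1 ms (about 120 Mbps).
SPIKE = [(i * 0.0001, 1500, DSCP_BE) for i in range(40)]          # 4 ms burst
SUSTAINED = [(i * 0.0001, 1500, DSCP_BE) for i in range(10_000)]  # 1 s flood

if __name__ == "__main__":
    for name, pkts in (("spike", SPIKE), ("sustained", SUSTAINED)):
        marks = run(pkts)
        print(f"{name}: {len(marks)} forwarded, "
              f"{scavenger_share(marks):.1%} re-marked to CS1")
```

Every packet is forwarded in both cases; only the marking changes, so the decision to discard is left to the congested Scavenger queue further into the network.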

[Figure: Police at the Normal/Abnormal Threshold; Excess Traffic Is Re-Marked to Scavenger (DSCP CS1)]
