Scavenger Class QoS DoS/Worm Mitigation Strategy (Cont.)

Queuing only engages if links become congested.

• When congestion occurs, drops will also occur.

Scavenger class QoS allows for increased intelligence in the dropping decision.

• "Abnormal" traffic flows will be dropped aggressively.

• "Normal" traffic flows will continue to receive network service.

Queuing engages when links become congested, and traffic previously marked as Scavenger is dropped aggressively.

The key point of this strategy is that legitimate traffic flows that temporarily exceed thresholds are not penalized by Scavenger-class QoS. Only sustained, abnormal streams generated simultaneously by multiple hosts (indicating DoS worm attacks) are subject to aggressive dropping—and such dropping only occurs after in-profile traffic has been fully serviced. The campus uplinks are not the only points in the network where congestion can occur. Typically, WAN and Virtual Private Network (VPN) links are the first to congest. However, Scavenger-class "less-than-best-effort" queuing should be provisioned on all network devices in a consistent manner (according to hardware capabilities).
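The dropping decision described above can be checked with a small model. This is an added example, not code from the original page; the per-host threshold, the uplink capacity, the host names and the proportional sharing of drops within a class are all assumptions chosen for illustration, and the scheduler is simplified to "in-profile first, Scavenger gets the leftover".

```python
from fractions import Fraction

THRESHOLD = 100   # assumed per-host policer limit, packets per interval
CAPACITY = 2000   # assumed uplink capacity, packets per interval

def police(offered, threshold=THRESHOLD):
    """Access-edge policer: traffic above the threshold is re-marked as
    Scavenger, not dropped. Returns {host: (in_profile, scavenger)}."""
    return {h: (min(p, threshold), max(p - threshold, 0)) for h, p in offered.items()}

def schedule(marked, capacity=CAPACITY):
    """Uplink queue: in-profile traffic is serviced first and Scavenger traffic
    only gets the capacity that is left. Returns {host: packets_dropped}."""
    in_total = sum(n for n, _ in marked.values())
    sc_total = sum(s for _, s in marked.values())
    in_served = min(in_total, capacity)
    sc_served = min(sc_total, capacity - in_served)
    # Fraction of each class dropped this interval (zero on an uncongested link).
    in_drop = Fraction(in_total - in_served, in_total) if in_total else Fraction(0)
    sc_drop = Fraction(sc_total - sc_served, sc_total) if sc_total else Fraction(0)
    # Assumption: drops within a class are shared in proportion to each host's load.
    return {h: n * in_drop + s * sc_drop for h, (n, s) in marked.items()}

def run(offered):
    """Police at the edge, then queue on the uplink."""
    return schedule(police(offered))

USERS = {f"user{i}": 80 for i in range(5)}
# Constructed interval 1: ordinary users plus one legitimate burst, link not congested.
QUIET = {**USERS, "backup": 400}
# Constructed interval 2: same users, plus ten hosts each sustaining 500 packets.
OUTBREAK = {**USERS, "backup": 100, **{f"infected{i}": 500 for i in range(10)}}

if __name__ == "__main__":
    for name, offered in (("quiet", QUIET), ("outbreak", OUTBREAK)):
        drops = run(offered)
        print(name, {h: int(d) for h, d in drops.items() if d})
```

In the quiet interval the bursting host has 300 packets marked as Scavenger yet loses none, because queuing never engages; in the outbreak interval every drop lands on Scavenger-marked traffic while in-profile flows are delivered in full.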
