Steven M. Bellovin wrote:
> Personally, I see a big difference between rate-shaping and sending
> RSTs. (I suppose you could view RSTs as allocating 0 bps, but that's
> not a helpful distinction.)
I see a big difference as well.
With rate-shaping they would need to have the P2P identification widget
in-line with the data path to be able to classify and mark traffic so
that it can be queued/throttled appropriately. This means that overall
network availability would now be tied to a device that isn't really a
proven piece of network hardware. To send TCP resets, on the other
hand, all that is needed is a SPAN session to the inspection probe to
let it determine which connections to shut down and issue the resets
completely out of band. If the inspection probe kacks, everything on
the network continues to function and only the P2P throttling
functionality would be impacted.
As a network engineer focused on availability, I have a very clear
preference in implementation.
-Eric
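As an added illustration of the out-of-band design Eric describes (not code from the thread): a probe fed by a SPAN session forges its resets from a different point in the network than the real peer, so the forged segment's IP TTL tends to disagree with the TTL seen on the rest of the flow. The packet records below are constructed, and the TTL-mismatch heuristic is an assumption about how such injected resets look, not something the post states.

```python
"""Flag TCP RSTs that look injected out of band rather than sent by the peer.

Heuristic: a RST whose IP TTL matches none of the TTLs previously observed on
the same flow direction probably did not originate at the real peer.
Added example; the segment records below are constructed, not captured.
"""
from collections import defaultdict
from typing import NamedTuple


class Segment(NamedTuple):
    flow: str    # one direction of a flow, "src:port>dst:port"
    ttl: int     # IP TTL as seen at the capture point
    seq: int     # TCP sequence number (kept for completeness)
    flags: str   # TCP flags, e.g. "S", "SA", "PA", "RA"


def flag_suspect_resets(segments, ttl_slack=0):
    """Return [(index, reason)] for RST segments whose TTL is more than
    ttl_slack away from every TTL seen on prior non-RST segments of the
    same flow direction. Only earlier segments are consulted, so this
    works as a one-pass monitor over a live stream."""
    seen_ttls = defaultdict(set)
    suspects = []
    for i, seg in enumerate(segments):
        if "R" in seg.flags:
            known = seen_ttls.get(seg.flow)
            # A RST on a flow we have no history for cannot be judged.
            if known and all(abs(seg.ttl - t) > ttl_slack for t in known):
                suspects.append((i, f"ttl {seg.ttl} vs flow ttls {sorted(known)}"))
            continue
        seen_ttls[seg.flow].add(seg.ttl)
    return suspects


# Constructed sample: handshake and data, then a RST whose TTL (58) does not
# match the peer's established TTL (52), followed by a RST that does.
SAMPLE = [
    Segment("10.0.0.5:40000>198.51.100.7:6881", 64, 1000, "S"),
    Segment("198.51.100.7:6881>10.0.0.5:40000", 52, 7000, "SA"),
    Segment("10.0.0.5:40000>198.51.100.7:6881", 64, 1001, "A"),
    Segment("198.51.100.7:6881>10.0.0.5:40000", 52, 7001, "PA"),
    Segment("198.51.100.7:6881>10.0.0.5:40000", 58, 7001, "RA"),  # mismatched TTL
    Segment("198.51.100.7:6881>10.0.0.5:40000", 52, 7200, "R"),   # consistent TTL
]

if __name__ == "__main__":
    for idx, why in flag_suspect_resets(SAMPLE):
        print(f"segment {idx}: suspect reset ({why})")
```

Path changes can legitimately shift a peer's TTL by a hop or two, so the slack parameter exists to treat the result as a signal to correlate with other evidence rather than proof of injection.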