On 3/12/19 9:36 AM, Grant Taylor wrote:
Recently I've been wondering about doing something to monitor the traffic and actually watch for a sufficient imbalance in outgoing SYN vs incoming SYN+ACK. If that gets too far towards SYN only, consider the route as being problematic. This would account for the ISP upstream issue too. Thus far I've only been thinking about the route in it's entirety. But it should be possible to also be more granular.
I think it would be possible to do similar for ICMP Echo (Request) (Type 8) and Echo Reply (Type 0).
It may be possible to use Connection Tracking's state transition mechanisms too. This might mean it's possible to use UDP-Lite protocol connection tracking support for UDP.
I've pontificated packet captures (possibly via libcap?) as well as selective IPTables rules to queue (copies of) packets to user space, possibly via the NetLink interface.
One of the other problems that I have (mentally) run into is how to properly handle the routing between multiple instances. Do you advertise an unreachable route, thus causing the other instances to be chosen? Do you blindly have the upstream instance re-route across to other upstream instances?
How do you have the main instance and the upstream instances communicate with each other? (This seems like the domain of a routing protocol.)
Do we need to periodically re-try traffic to problematic IPs and update routes accordingly?
I would love to learn that there are solutions to these problems and what they are.
-- Grant. . . . unix || die
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
