[Standards] s2s blocking of abusive users

[Tomasz Sterna]

On Wt, 2007-12-04 at 16:27 +0100, Jesus Cea wrote:
> All traffic between two xmpp servers is transmitted using a single TCP
> connection. You can't "delay" a single remote user. You "delay" all of them.

I am very aware of that.


> In fact, if I would program a xmpp server, I would enqueue in RAM and
> cut the connection when buffer >X MB or I'm unable to flush the buffer
> after Y seconds.

I'm aware that the connection oriented TCP layer is very good at it and
I do not need to reinvent it at the application layer.


> In some circunstances the server simply can't choose to not generate new
> traffic. Let's say, I'm a user sending "normal" traffic to two other
> users. One of them is receiving just fine. The other one annnounces a
> closed TCP window (closed flow control) to the server, so traffic in
> being enqueued in tcp layer and, later, in the application. Server
> shouldn't block me, because that would impact my "normal" traffic with
> the responsive user.

Why would dropped packets affect the flowing ones?


> So flow control at TCP layer is of no help to the server. And less so
> when the stream coming is multiplexing traffic by several different
> (innocent) users. That is the case for S2S connections.

I am very aware of that.


> I think stpeter is talking more in the line of "I'm receiving abusing
> traffic from XX at YYYY. I don't want to punish ALL @YYYY users.

And if you would reread my statements I'm against it.
It's the abuser server role to take care of the abuser, not the abused
one. And if it does not taking care, all of it's users will hurt.
Experience shows that collective responsibility is good at enforcing policies.


> So, no TCP queues or delays to care of.

You don't ever need to take care of the TCP queues manually. They "just work". :-)


-- 
  /\_./o__ Tomasz Sterna
 (/^/(_^^'  Xiaoka.com
._.(_.)_  XMPP: smoku at xiaoka.com