QRM: A queue rate management for fairness and TCP flooding protection in mission-critical networks

When statistical multiplexing is used to provide connectivity to a number of client hosts through a high-delay link, the original TCP as well as TCP variants designed to improve performance on those links often provide poor performance and sub-optimal QoS properties. Centralised and collaborative resource management tools like C2ML have been proposed to guarantee intra-protocol fairness, inter-protocol friendliness, low queues utilisation and optimal throughput along with the reliable delivery of packets. However, such tools offer only very limited security guarantees. Both good citizenship and security from flooding attacks are fundamental conditions for the provision of fairness, especially in mission-critical networks. For example, perpetrators of a man-provoked disaster may want to perform a resource exhaustion attack on the network supporting disaster recovery operations, so as to cut out legitimate users from the communications and increase the emergency impact. In this paper we present Queue Rate Management (QRM), an Active Queue Management scheme able to provide protection from traffic overflow attacks in scenarios where access to the shared link is controlled by a tool that assigns to client hosts a bandwidth upper bound. The proposed algorithm checks whether a node is exceeding its allowed rate, and consequently decides whether to keep or drop packets coming from that host. We mathematically prove that with QRM the gateway queue size can never exceed the Bandwidth-Delay Product of the channel. Furthermore, we employ the ns-3 network simulator to compare QRM with CoDel, RED and GREEN, showing how QRM provides better performance in terms of both throughput and QoS guarantees in the aforementioned scenarios.