[watermoose]

> This is much better than trying to estimate bandwidth from packet loss.

This definitely seems like an improvement, however is it possible that this changed could result in one or more additional attack vectors?

In addition, what about the additional resources needed to pull this off; how many fewer persistent connections could be maintained by a single server with the same specs?

[apenwarr]

There shouldn't be much overhead per stream. The estimators are just a few integers each, which is tiny compared to the TCP socket buffer itself. There could be added cpu overhead from implementing pacing if it isn't done carefully, but my understanding is the Linux pacing is done "right" so that it actually has very little or even negative overhead compared to traditional burst transmissions. (Also, it's generally safe to assume that Google cares more about server scalability than almost anyone else, so they wouldn't use this if it weren't pretty good on that front.)