Let's say we buffer 500ms since that forces attackers to suspend links for over 500ms to identify target nodes, and making their network node bisections more noticeable to end users: 3.5s
And 500ms may not be enough! Perhaps we should buffer up for a second or more?
10 milliseconds, 10 seconds, 10 minutes, 10 hours or 10 days... speculating on which any adversary will use... removes use cases for the network as a result. Set speculations to 0 ms, and just depeer from node when it appears to no be upholding traffic parameters it said it would be sending you. If you agree to x, possibly supported by iperf test between you, and your peer start sending you a chopped up sine wave outside allowable deviation, they or their path to you are obviously fucked, just drop them. If it's allowable then buffer and reclock it when sending it back out your NIC so that whatever natural identifiable remains is not replicated beyond you.