[c-nsp] Sinkhole Routing

Danny McPherson danny at tcb.net
Fri Oct 1 17:02:14 EDT 2004


On Oct 1, 2004, at 12:09 PM, Amol Sapkal wrote:
>
> Yes, this is precisely what I am looking at. I want to offload my
> 7513's CPU processing taken up by the ACLs.
> But what I am wondering about is the trade-off: whether the router
> will eat up more CPU while blocking traffic on the ACL or while
> switching it to my would-be sinkhole router.

I guess the short answer is "it depends".  More than likely,
the router is going to perform better forwarding packets,
especially w/distributed forwarding w/VIPs, than dropping them
with packet filters.  Exactly how different depends on the
structure of the packet filter(s), load, etc.

One of the primary reasons you see folks divert to sinkhole
is to do fine-grained mitigation that's typically not possible with
packet filters and the like, or to offload garbage processing (e.g.,
Bogon, Dark IP and RFC 1918 gunk) and perform analysis on
packet activity in this address space.

-danny
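
Added example, not part of the original message: one way the analysis of sinkholed traffic mentioned above could look, sorting packets by the destination class that diverted them (RFC 1918, bogon, dark IP) and flagging sources that sweep dark space. The record format, the bogon sample, the dark prefixes and the threshold are assumptions made for illustration.

```python
import ipaddress
from collections import Counter, defaultdict

def nets(*cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

CATEGORIES = (
    ("rfc1918", nets("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")),
    # Constructed sample of special-use blocks; load a maintained bogon list in practice.
    ("bogon", nets("0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "240.0.0.0/4")),
    # Assumption: the operator holds 198.51.100.0/24 and only .0/26 is in use.
    ("dark_ip", nets("198.51.100.64/26", "198.51.100.128/25")),
)

def classify(dst):
    """Return the sinkhole category of a destination (ValueError if unparsable)."""
    addr = ipaddress.ip_address(dst)
    for label, networks in CATEGORIES:
        if any(addr in n for n in networks):
            return label
    return "other"

def summarize(records, scan_threshold=3):
    """Tally 'src dst proto dport' records per category and flag dark-space scanners."""
    totals = Counter()
    dark_targets = defaultdict(set)   # source -> distinct dark destinations touched
    for line in records:
        try:
            src, dst, _proto, _dport = line.split()
            category = classify(dst)
        except ValueError:            # wrong field count or unparsable address
            totals["malformed"] += 1
            continue
        totals[category] += 1
        if category == "dark_ip":
            dark_targets[src].add(dst)
    scanners = sorted(s for s, d in dark_targets.items() if len(d) >= scan_threshold)
    return totals, scanners

# Constructed sample records, in the assumed collector export format.
SAMPLE = [
    "203.0.113.7 198.51.100.200 tcp 445",
    "203.0.113.7 198.51.100.201 tcp 445",
    "203.0.113.7 198.51.100.70 tcp 445",
    "198.51.100.10 10.1.2.3 udp 53",
    "198.51.100.10 192.168.1.1 tcp 80",
    "198.51.100.22 240.0.0.1 icmp 0",
    "198.51.100.22 not-an-ip tcp 80",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```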
