Hi,
On Mon, Mar 19, 2001 at 01:02:28PM -0500, George Robbins wrote:
> From what I can see the problem with IP accounting is that the list
> of IP addresses isn't optimized (hash, tree, etc) so the more entries,
> the more CPU used in IP input. You can totally screw yourself if
> you specify a large number of entries and get a burst of traffic
> for an IP near the end of the list or not in the list at all.
Ummm, I don't think that's the main problem. As soon as the "attack"
(that is: creation of new entries in heaps) stops, the router returns
to normal operations.
I have seen lists as long as 150.000 pairs with no significant impact on
performance.
> If you're under attack, setting the number of entries to a small
> number (25-50 for example) before turning on IP accounting helps
> avoid having to wait for the router to crash and reboot...
Good advice. Thanks.
(Though 25-50 means "I will lose our customer's IP traffic immediately" -
a number of /16's involved).
gert
-- 
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany
gert@greenie.muc.de
fax: +49-89-35655025
gert.doering@physik.tu-muenchen.de