[nsp] RPF on Catalyst 6k

Manolo Hernandez manolo at dialtone.com
Thu Dec 26 12:37:55 EST 2002


This is something I believe more people are interested in, as when an
attack comes in to a specific node my whole network starts to discard
and latency takes off.


Manolo

On Thu, 2002-12-26 at 12:39, Florian Weimer wrote:
> "Rubens Kuhl Jr." <rkjnsp@ieg.com.br> writes:
> 
> > Because of performance on a wire-speed device, all checks must be done in
> > parallel. If the CEF table were stored at only one place, it would require 2
> > lookups to fetch the destination and verify RPF. As far as I know, it's an
> > identical copy.
> 
> BTW, is it better to implement anti-spoofing filters using uRPF, or
> using regular ACLs (which end up in the TCAM for ACLs)?  Which one is
> more robust during DoS attacks with randomly spoofed source addresses?
-- 
Manolo Hernandez - Network Administrator
Dialtone Interland - Extremely Fast Linux Web Servers
phone://305-717-6650  fax://
mailto:manolo@dialtone.com  http://www.dialtone.com
"The only source of knowledge is experience." - A. Einstein


