[nsp] intermitten ping lags on 7500/rsp4/256M
Dmitri Kalintsev
dek at hades.uz
Fri Jun 13 12:37:33 EDT 2003
On Thu, Jun 12, 2003 at 07:48:06PM -0400, Jared Mauch wrote:
>
> What you need is the distributed linecards to inspect packets
> prior to being forwarded to the RE and be able to generate the icmp
> responses at linerate back. Obviously non-distributed
...which will be ideal for reflective dDoS attacks, for instance. ;)
> platforms (3640, 2600, 2500, 7200, or even 7500 w/ older non-dcef
> capable cards) will not be able to respond in this fashion, but they
> are more likely to not be performing bgp.
>
> This doesn't seem like a too complicated thing to do.
...but, at much closer look, quite useless. ;) Routers are there to *route*
packets, not to reply to ICMP queries. That is why ICMP processing is given
such a low priority (and not only by Cisco).
If somebody needs to measure their network characteristics *so* badly,
there's always Cisco SAA which seems to be part of almost everything Cisco
has nowdays that runs IOS (no, I didn't look at fn, because I'm stubborn and
lazy).
> - jared
---end quoted text---
SY,
--
D.K.
More information about the cisco-nsp
mailing list