[nsp] MD5 causes biggern problem than it fixes?

Jared Mauch jared at puck.nether.net
Thu Apr 22 09:45:10 EDT 2004


On Thu, Apr 22, 2004 at 09:17:11AM -0400, Joe Loiacono wrote:
> 
> Seems like that *is* the question.
> 
> On Wed, 21 Apr 2004, Edward Henigin wrote:
> > Regardless of that hurdle, I don't see filtering as a realistic
> > approach, due to, again, the ease of a CPU DOS when you have filters
> > in place.  IIRC, my Ciscos do NOT do line-rate ACLs...
> 
> How much CPU does RPF take?

	On what linecard?

	what platform?

	most of the newer GSR linecards can do this without
problems.  Juniper can also do it without (noticable) impact.

	Now, if you're talking about a 7200, or lower end platform
yes, you will see a performance hit.

	- jared

-- 
Jared Mauch  | pgp key available via finger from jared at puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.


More information about the cisco-nsp mailing list