[c-nsp] 7x00 routers that survive

sthaug at nethelp.no sthaug at nethelp.no
Mon Aug 30 13:13:31 EDT 2004


> A FE link can carry 148800 pps simplex, twice as much full-duplex. A Juniper
> reference says an ATM STM-1 can carry 300 kpps of 40-byte packets; I'm
> willing to bet that attacks will come only from inside or outside, not both
> sides... so if NPE-G1 can handle 630 kpps of attack packets, it would fit the
> "2 OC-3" scenario. What kind of attack packets have you sent to the router
> with Smartbits?

Unfortunately an STM-1 link has considerably lower overhead than FE.
My calculation is:

STM-1 payload capacity (available for IP + L2 encap): 149.76 Mbps.
HDLC/PPP overhead: 8 bytes, minimum size IP packet: 20 bytes. Thus:

149760000/(28*8) = 668571 pps.

And that's one way traffic.

I'm willing to be corrected on the numbers above, but I believe they are
correct. Remember that a DDoS attack doesn't need to have a UDP or TCP
header - IP alone will do just fine.

I used a Smartbit with GE ports to generate the traffic. As mentioned
above, Ethernet overhead is higher - so it's possible you could get
better numbers when testing with a real STM-1. However, I don't really
believe so - because the Smartbits testing showed that the highest pps
numbers for the NPE-G1 were *not* at minimum-sized Ethernet packets
(64 bytes) but much closer to 128 bytes.

Steinar Haug, Nethelp consulting, sthaug at nethelp.no
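
The arithmetic in this message, generalized so that Ethernet and STM-1 with HDLC/PPP can be compared for any IP packet size (an added example, not part of the original post). The STM-1 figures are the ones given above; the Ethernet framing constants are standard 802.3 values and the `Link` class and function names are illustrative.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:
    name: str
    bps: int           # bit rate available to L2 frames
    l2_overhead: int   # L2 header + trailer bytes per packet
    min_payload: int   # L2 pads shorter IP packets up to this many bytes
    gap: int           # per-frame bytes outside the frame (preamble, inter-frame gap)

# STM-1 figures are the ones used in the post: 149.76 Mbps, 8 bytes HDLC/PPP.
STM1_POS = Link("STM-1 HDLC/PPP", 149_760_000, 8, 0, 0)
# Ethernet constants are standard 802.3 values (assumption, not from the post):
# 14-byte header + 4-byte FCS, 46-byte minimum payload, 8 preamble + 12 gap.
FE = Link("Fast Ethernet", 100_000_000, 18, 46, 20)
GE = Link("Gigabit Ethernet", 1_000_000_000, 18, 46, 20)

def wire_bytes(link: Link, ip_len: int) -> int:
    """Bytes of link capacity consumed by one IP packet of ip_len bytes."""
    return max(ip_len, link.min_payload) + link.l2_overhead + link.gap

def max_pps(link: Link, ip_len: int = 20) -> int:
    """One-way packets per second at line rate; default is a bare IP header."""
    return link.bps // (wire_bytes(link, ip_len) * 8)

def shortfall(router_pps: int, links: list[Link], ip_len: int = 20) -> int:
    """pps arriving beyond what the router forwards when every listed link
    delivers line-rate traffic one way; 0 means the router keeps up."""
    return max(0, sum(max_pps(l, ip_len) for l in links) - router_pps)

if __name__ == "__main__":
    for link in (FE, GE, STM1_POS):
        for size in (20, 40, 128):
            print(f"{link.name:18} {size:4}-byte IP: {max_pps(link, size):>9} pps")
    # 630 kpps is the hypothetical forwarding rate from the quoted question.
    print("shortfall, 2 x STM-1:", shortfall(630_000, [STM1_POS, STM1_POS]))
```

Ethernet pads every packet to a 46-byte payload, so 20-byte and 40-byte IP packets both give 148809 pps on FE, while the STM-1 rate keeps rising as packets shrink.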

