[c-nsp] pricing vs performance
Siva Valliappan
svalliap at cisco.com
Wed Dec 1 17:38:41 EST 2004
On Wed, 1 Dec 2004 sthaug at nethelp.no wrote:
> > What about the 6500/7600 platform? We're in a similar boat. We're using
> > a mix of 7206s and 7500s for our core routers, and they generally deal
> > with "normal" traffic well enough, but if someone points a DDoS at us,
> > even the 7500s tend to roll over and play dead under sufficiently high
> > values of kpps. Having heard good things about them, and since our
> > transit connections have all moved to FE, we're looking at possibly moving
> > to 6500s with MSFC2s to handle the transit connections.
>
> At my previous employer we had generally good experience using 6500
> with Sup2/MSFC2/PFC2 as border routers. Lots of DoS attacks, even Gbps
> sized ones, and the boxes survived. Note that this depends on good ACLs
> and/or rate limiting to make sure that the DoS traffic doesn't hit any
> of the IP addresses of the box itself.
>
FWIW a C6500/7600 with Sup720s can do control plane policing in
hardware, so you could protect against a direct attack on the box.
cheers
.siva
> Steinar Haug, Nethelp consulting, sthaug at nethelp.no
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list