[c-nsp] 6500 under DDoS
Blaz Zupan
blaz at inlimbo.org
Tue Jul 27 15:47:35 EDT 2004
> A Sup720 should easily handle this traffic. Are you seeing any errors on
> your port going to them ? Is there anyway you can paste your port config and
> maybe theirs ?
Well, our side is a Juniper, so I don't think the config is relevant in this
case, but just in case:
interfaces {
ge-0/3/0 {
unit 407 {
vlan-id 407;
family inet {
filter {
output customerX;
}
address x.x.x.x/30;
}
}
}
The filter is just a rate limit 200Mbps (which they never reach). On our
side, they are just a VLAN going through a Cisco 3550. I just received a
mail from them with the interface config, unfortunatelly without the
contents of the BORDER-INP and BORDER-OUT access lists.
interface GigabitEthernet5/2
ip address x.x.x.x 255.255.255.252
ip access-group BORDER-INP in
ip access-group BORDER-OUT out
load-interval 30
no cdp enable
interface GigabitEthernet5/1
no ip address
load-interval 30
switchport
switchport access vlan 99
More information about the cisco-nsp
mailing list