[c-nsp] Re: 6500 under DDoS
Blaz Zupan
blaz at inlimbo.org
Tue Jul 27 16:49:03 EDT 2004
Thanks to everybody for the suggestions. To sum them up, there are many ways
to misconfigure a 6500 so that packets are software switched instead of
hardware switched.
For the sake of those that might find this thread through the archives, here
is a collection of the most useful suggestions:
- ACL misconfiguration. A nice (and long) writeup of the ACL/TCAM interaction
is available here (thanks Roland):
http://www.cisco.com/en/US/partner/products/hw/switches/ps708/products_white_paper09186a00800c9470.shtml
- weird features turned on (policy based routing, NBAR)
- to check whether the TCAM has been overflowed, issue "sh fm rum" (again,
thanks Roland)