[c-nsp] 6500 under DDoS

Matti Saarinen mjsaarin at cc.helsinki.fi
Wed Jul 28 08:45:57 EDT 2004


Fredrik.Jacobsson at enskilda.se writes:

>> [ NBAR kills 6500 ]
>
> Would it be possible to create a span to a port where you connect a
> router that has NBAR enabled? 

 At my previous employer we had an almost similar setup. On the 6509, a
 monitor port was configured, to which a PC running analysing software
 was connected. The setup worked fine.

> How about Netflow? Does that have the same drawbacks?

 No, as far as I know. I think Netflow is done on the PFC instead of the MSFC.

 Cheers,

-- 
- Matti -

