[c-nsp] PXF ?
Łukasz Bromirski
lbromirski at mr0vka.eu.org
Sat Jun 4 04:17:44 EDT 2005
Joe McGuckin wrote:
> How effective is PXF on the 7304?
> If I'm being hit with a large DDOS attack, will I see the CPU load go up
> significantly?
This is a function of how the traffic will look like and what You
do on a router. If the DDoS will be pointed to IP of Your router,
it's still possible.
> We've had problems with 7200 routers where interrupt processing
> consumes all available cpu and routing protocol keepalives don't
> get sent.
Please do read about control-plane policing:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1838/products_feature_guide09186a00801afad4.html
http://www.cisco.com/en/US/products/sw/iosswrel/ps1838/products_white_paper09186a0080211f39.shtml
..and then about SPD (selective packet discard):
http://www.cisco.com/warp/public/63/spd.html
Also, most of best-practices for SPs are gathered in ISP Essentials
book:
ftp://ftp-eng.cisco.com/cons/isp/essentials/
--
this space was intentionally left blank | Łukasz Bromirski
you can insert your favourite quote here | lukasz:bromirski,net
More information about the cisco-nsp
mailing list