[c-nsp] PXF ?
Rodney Dunn
rodunn at cisco.com
Tue Jun 7 22:47:54 EDT 2005
On Sat, Jun 04, 2005 at 10:17:44AM +0200, ?ukasz Bromirski wrote:
> Joe McGuckin wrote:
> > How effective is PXF on the 7304?
> > If I'm being hit with a large DDOS attack, will I see the CPU load go up
> > significantly?
>
> This is a function of how the traffic will look like and what You
> do on a router. If the DDoS will be pointed to IP of Your router,
> it's still possible.
The goal is to implement CoPP in hardware. Until that time you
should implement filters in hardware for traffic you know should
never reach the RP in the first place.
Rodney
>
> > We've had problems with 7200 routers where interrupt processing
> > consumes all available cpu and routing protocol keepalives don't
> > get sent.
>
> Please do read about control-plane policing:
> http://www.cisco.com/en/US/products/sw/iosswrel/ps1838/products_feature_guide09186a00801afad4.html
> http://www.cisco.com/en/US/products/sw/iosswrel/ps1838/products_white_paper09186a0080211f39.shtml
>
> ..and then about SPD (selective packet discard):
> http://www.cisco.com/warp/public/63/spd.html
>
> Also, most of best-practices for SPs are gathered in ISP Essentials
> book:
> ftp://ftp-eng.cisco.com/cons/isp/essentials/
>
> --
> this space was intentionally left blank | ?ukasz Bromirski
> you can insert your favourite quote here | lukasz:bromirski,net
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list