[c-nsp] Modern BGP peering border router and DDoS attack defense recommendations?

[David J. Hughes]

> Ps. The only feature that I havent turned on is NBAR (because we are an
> SP, we deal in L3)

.... and NBAR will drop a router to its knees very quickly in a DOS 
attack.  If you are unlucky enough to be running an image with the "old 
NBAR implementation" then the number of packets required to kill an 
NPE-G1 is amazingly small.  Think "dial-up modem" packet rates ....


David
...