[c-nsp] DS-3 -> OC-3 upgrade
Gert Doering
gert at greenie.muc.de
Mon May 16 17:50:01 EDT 2005
Hi,
On Mon, May 16, 2005 at 04:40:18PM -0400, Justin M. Streiner wrote:
> 2 years ago, I upgraded one of the 720VXRs where I used to work from an
> NPE-300 to an NPE-G1, and I was not all that impressed with the
> difference. CPU usage was quite a bit lower during normal times, but
> since at its heart it's still doing software-based forwarding, a
> relatively low packet-per-second DoS attack would still bring the router
> to its knees in short order.
What's "relatively low pps" for you? A NPE-G1 should be able to shove
through a OC-3 worth of 64byte packets with a load below 50% - unless
you have "evil" features enabled, IP accounting being the worst of them.
(I recently did some torture testing with a NPE-300, and as long as I
have no extra features enabled, a 100 Mbit/s full of 68-byte-packets
was handled just fine - and the NPE-G1 is MUCH faster).
You certainly want to block/rate-limit packets *TO* the router - but that's
good practice anyway.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
More information about the cisco-nsp
mailing list