[c-nsp] High PPS load 12K cards
Bas
kilobit at gmail.com
Thu Apr 13 03:26:01 EDT 2006
On 4/12/06, W. Kevin Hunt <khunt at huntbrothers.com> wrote:
> I have a client w/ 2 12012's w/ GRP-B's
>
> I need Gig-E line cards that can handle VERY high pps loads. Any
> recommendations and does anyone have any experience dealing with high
> pps ddos attacks on the 12K platform ?
Hi,
The 3GE is a lot better than the 1GE, but CPU will still go through
the roof when high-pps DoS comes in and you have netflow enabled.
The 4GE has dedicated hardware for netflow (and other features) so no
extra CPU load during high pps. But you still can't do 4 ports line
rate because it only has 2.5Gbit/s connection to the chassis.
So if you only use 3 out of 4 ports you can nearly do line-rate with
smallest packetsize.
The last "very" large DDoS (15+Mpps) we received brought down the
routers of our transit suppliers before traffic reached our routers.
(2 out of 4 transits) Now we use 6 transit parties hoping we can
withstand next couple of attacks before they become a multitude
bigger.
Good luck.
Bas
More information about the cisco-nsp
mailing list