[c-nsp] 2821, 2851, 3825, 3845 benchmarks or lack thereof.

Ray Burkholder ray at oneunified.net
Sat Jan 28 14:07:01 EST 2006 

The documents below seem to indicated that DOS mitigation from control plane
point of view is included.   Or am I not reading them properly?

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Christopher J. Wolff
Sent: Saturday, January 28, 2006 14:06
To: cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] 2821, 2851, 3825, 3845 benchmarks or lack thereof.

So if you had a clean sheet of paper, and since you are designing for
profitability reasons you were going to deploy a 3825 to terminate your two
DS3's at the edge.  Since the 3825 has no (D)DoS mitigation capabilities
what are you going to deploy in front of or behind it to handle DoS?  

-----Original Message-----
From: Łukasz Bromirski [mailto:lukasz at bromirski.net]
Sent: Saturday, January 28, 2006 7:51 AM
To: cisco-nsp at puck.nether.net
Cc: Rubens Kuhl Jr.; Christopher J. Wolff
Subject: Re: [c-nsp] 2821, 2851, 3825, 3845 benchmarks or lack thereof.

Rubens Kuhl Jr. wrote:

> According to that Cisco document, yes. They calculated 87 Mbps with 
> 64-byte packets, but based on pps numbers with no features.
> Unfortunately, they don't mention process switching performance for 
> theses models, which you could use for a worst case 
> router-under-attack scenario.

ISRs support control-plane policing[1] right from first IOS release, which
effectively defends router itself from any (D)DoS attacks.
Most of the functionality is fast/CEF-switched anyway.

[1].
Configuration:
http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chap
ter09186a00804559b7.html
Deploying:
http://www.cisco.com/en/US/products/ps6642/products_white_paper09186a0080211
f39.shtml

-- 
this space was intentionally left blank    |            Łukasz Bromirski
you can insert your favourite quote here   |        lukasz:bromirski,net


_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

--
Scanned for viruses and dangerous content at http://www.oneunified.net and
is believed to be clean.



-- 
Scanned for viruses and dangerous content at 
http://www.oneunified.net and is believed to be clean.

More information about the cisco-nsp mailing list