[c-nsp] Your opinions on router throughput
Jon Lewis
jlewis at lewis.org
Fri Oct 27 01:24:57 EDT 2006
On Thu, 26 Oct 2006, Ted Mittelstaedt wrote:
> OK here's the scenario:
>
> 2 Cisco 7206 VXR's. First one has 3 high speed interfaces, a FE to
> the local LAN that has customer connections, a FE running 30Mbt to
> one Internet feed, and a PA-A3-T3 that is running 45Mbt to the second VXR
>
> The second VXR has 3 high speed interfaces, a FE to the local LAN that
> has customer connections, a PA-A3-T3 going to 10Mbt-burst-to-45Mbt Internet
> feed,
You mentioned "bandwidth limiting" but didn't say where or how it's being
done. If there's nothing (like a policing switch) stopping them, one
compromised customer machine can hit their local router with enough PPS
over the FE to basically shut down the NPE300. Even with a policing
switch, I suspect a machine could send sufficient PPS without exceeding
reasonable Mbit/s policing to put a serious hurting on the NPE300.
----------------------------------------------------------------------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
More information about the cisco-nsp
mailing list