[c-nsp] DDoS Attack detection and elimination suggestions

Lee Starnes lee.t.starnes at gmail.com
Thu Apr 7 12:47:22 EDT 2011


Thanks to all that provided feedback on this. Very helpful.

We have also chosen to take the path of upgrading our 12008 routers to 12406
routers. Aside from the older engine line cards, is there anything else we
should look out for? Any particular versions of IOS-XR to stay away from?
These will be used as service provider edge routers. All interfaces will be
either Gigabit or 10 Gigabit. There will be between 5 and 7 IPv4/IPv6 peers
on each. Some are direct peers and others eBGP multi-hop.

Thanks again.

Lee.

Any

On Thu, Mar 31, 2011 at 10:08 PM, Lee Starnes <lee.t.starnes at gmail.com> wrote:

> Hi,
>
> I'm looking for pointers on how to best detect DDoS attacks and best
> practices for stopping one once identified. Our current platform is using
> 12008 GRP-B routers, but I know they have their limits on what they can
> handle when seeing things like 900000 packets per second input rates.
>
> What is recommended as a replacement router and what would be recommended
> if the routers are not replaced? Is there an easy way to see and identify
> the traffic on these existing routers or is there a way to do something
> similar to RSPAN on the switches that will allow me to see this traffic?
>
> Any help or direction to resources would be greatly appreciated.
>
> Thanks,
>
> Lee.
>

