[c-nsp] qos (?) capacity question
Phil Mayers
p.mayers at imperial.ac.uk
Tue May 31 08:35:25 EDT 2011
On 31/05/11 13:21, Tom wrote:
> I personally have a rootserver from a popular French hoster. They recently implemented some protections for their network.
>
> - Limiting all incoming UDP traffic to 50mbit/s per destination IP (server)
> - Limiting all outgoing traffic (ICMP+SYN 32kb/s, UDP 100mbit/s)
>
> As far as I know, they are using Cisco routers.
The rate-limiting might happen on another device e.g. something
dedicated to traffic management. It might not be done on the routers.
Or, if your server is a virtual server, they might do the rate-limiting
on the VM host.
>
> Is this type of policing implemented by qos?
Perhaps. Per-IP rate-limiting is possible on some platforms.
> There must be counters for millions and millions of source / dest IPs in hardware. Where is the capacity limited?
It depends on which platforms.
For example I believe the high-end ASR9k linecards have 100k+ policers.
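
Added example (not part of the original thread, and not any vendor's implementation): a Python simulation of per-destination token-bucket policing like the 50 Mbit/s UDP limit described above, with a bounded policer table to show where capacity runs out. The burst size, the table size, the LRU eviction policy and all class and function names are assumptions for illustration.

```python
# Added illustration: per-destination UDP policing with a bounded policer table.
# Rates, burst and table size are assumptions for the demo, not vendor figures.
from collections import OrderedDict

class TokenBucket:
    """Single-rate policer: conforming packets pass, excess is dropped."""
    def __init__(self, rate_bps, burst_bytes, now):
        self.rate = rate_bps / 8.0      # refill rate in bytes per second
        self.burst = burst_bytes        # bucket depth in bytes
        self.tokens = burst_bytes       # a new bucket starts full
        self.last = now

    def conform(self, size, now):
        # Refill for the elapsed time, never above the bucket depth.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False

class PerDestPolicer:
    """One bucket per destination IP, capped at max_entries (the capacity limit)."""
    def __init__(self, rate_bps, burst_bytes, max_entries):
        self.rate_bps, self.burst, self.max_entries = rate_bps, burst_bytes, max_entries
        self.table = OrderedDict()      # destination IP -> TokenBucket, LRU order
        self.evictions = 0

    def police(self, dst, size, now):
        bucket = self.table.get(dst)
        if bucket is None:
            if len(self.table) >= self.max_entries:
                # Table full: evict the least recently used destination.
                # Its policing state is lost, so it restarts with a full bucket.
                self.table.popitem(last=False)
                self.evictions += 1
            bucket = self.table[dst] = TokenBucket(self.rate_bps, self.burst, now)
        else:
            self.table.move_to_end(dst)
        return bucket.conform(size, now)

def passed_bps(policer, dst, pkt_size, pps, seconds):
    """Send a constant-rate constructed flow to dst; return conforming bits/s."""
    passed = 0
    for i in range(int(pps * seconds)):
        if policer.police(dst, pkt_size, i / pps):
            passed += pkt_size
    return passed * 8 / seconds
```

When the number of active destinations exceeds the table size, evicted destinations are re-admitted with a full burst allowance, so the effective limit degrades once the policer table is exhausted.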