[c-nsp] qos (?) capacity question

Phil Mayers p.mayers at imperial.ac.uk
Tue May 31 08:35:25 EDT 2011


On 31/05/11 13:21, Tom wrote:

> I personally have a rootserver from a popular French hoster. They recently implemented some protections for their network.
>
> - Limiting all incoming udp traffic to 50mbit/s per destination ip (server)
> - Limiting all outgoing traffic (icmp+syn 32kb/s, udp 100mbit/s)
>
> As far as I know, they are using Cisco routers

The rate-limiting might happen on another device, e.g. something
dedicated to traffic management. It might not be done on the routers.

Or, if your server is a virtual server, they might do the rate-limiting
on the VM host.

>
> Is this type of policing implemented by qos?

Perhaps. Per-IP rate-limiting is possible on some platforms.

> There must be counters for millions and millions of source / dest IPs in hardware. Where is the capacity limited?

It depends on which platform.

For example I believe the high-end ASR9k linecards have 100k+ policers.

