[c-nsp] Sup 720-3BXL ACL filtering limitations

jack b j4bles at gmail.com
Mon Sep 5 19:01:14 EDT 2011


Recently one of our customers experienced a DDoS attack consisting of 4000
unique hosts sending about 3000 HTTP connections per second. What we
normally do is create an ACL blocking the source addresses of the attack and
permit everything else; however, when the ACL was applied not all of the
traffic from the attacking hosts was being blocked and we had to end
up enabling uRPF and configuring S/RTBH routing to filter all the traffic.
Are there known limitations with the amount of traffic that can be handled by
ACLs on this platform? If so, is that documented anywhere?

