[c-nsp] Sup 720-3BXL ACL filtering limitations

Phil Mayers p.mayers at imperial.ac.uk
Tue Sep 6 04:06:47 EDT 2011


jack b <j4bles at gmail.com> wrote:

>Recently one of our customers experienced a ddos attack consisting of
>4000 unique hosts sending about 3000 http connections per second. What we
>normally do is create an acl blocking the source addresses of the
>attack and permit everything else, however, when the acl was applied not
>all of the traffic from the attacking hosts was being blocked and we had
>to end up enabling URPF and configuring S/RTBH routing to filter all the
>traffic. Are there known limitations with the amount of traffic that can
>be handled by acls on this platform? If so is that documented anywhere?
>_______________________________________________
>cisco-nsp mailing list  cisco-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/

It should not have any problem blocking at line rate. How much traffic was getting through? Where did you have the acl, ingress or egress?

Are you sure the acl was correct, and correctly applied given your topology?
-- 
Sent from my phone. Please excuse brevity and typos.
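For readers following the thread, the two mitigations jack describes (an ingress ACL that denies the attacking sources, and the fallback of uRPF loose mode plus source-based RTBH) look roughly like the configuration below. This is an added illustration, not configuration from either poster; the interface names, the BGP AS number 65000, the route tag 666, the discard next hop 192.0.2.1 and the attacker addresses in 198.51.100.0/24 are placeholders from the RFC 5737 documentation ranges, and the addresses and counts are constructed.

```cisco
! ---- Option 1: ingress ACL on the customer-facing edge interface ----
! Deny each attacking source, then permit everything else. Apply it
! inbound (Phil's "ingress or egress?" question): an outbound ACL on the
! customer port only sees traffic after it has already crossed the box.
ip access-list extended BLOCK-ATTACK
 deny   ip host 198.51.100.23 any
 deny   ip host 198.51.100.24 any
 permit ip any any
!
interface TenGigabitEthernet1/1
 ip access-group BLOCK-ATTACK in
!
! Check that the deny entries are actually matching; zero hit counts on the
! deny lines while the attack is running means the ACL is not on the path.
! show ip access-lists BLOCK-ATTACK

! ---- Option 2: source-based RTBH with uRPF loose mode ----
! Every edge router discards the well-known next hop.
ip route 192.0.2.1 255.255.255.255 Null0
!
! uRPF loose mode on the ingress interface: a packet whose source address
! resolves to a Null0 route fails the check and is dropped in hardware.
interface TenGigabitEthernet1/1
 ip verify unicast source reachable-via any
!
! On the trigger router: tag a static route per attacking source so BGP
! carries it to every edge with the discard next hop.
route-map RTBH-TRIGGER permit 10
 match tag 666
 set ip next-hop 192.0.2.1
 set local-preference 200
 set origin igp
 set community no-export
!
router bgp 65000
 redistribute static route-map RTBH-TRIGGER
!
ip route 198.51.100.23 255.255.255.255 192.0.2.1 tag 666
ip route 198.51.100.24 255.255.255.255 192.0.2.1 tag 666
!
! Verify the drops are happening: uRPF failures show up in the RPF
! counters, and the per-source routes should point at 192.0.2.1 on
! every edge.
! show ip traffic | include RPF
! show ip route 198.51.100.23
```

The route-map keeps the blackhole routes inside the AS (no-export) and forces the next hop to the discard address so that the uRPF check, not an ACL, does the filtering on each edge; adding or removing a source is then a single static route on the trigger router rather than an ACL edit on every interface.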


