[c-nsp] Sup 720-3BXL ACL filtering limitations

jack b j4bles at gmail.com
Tue Sep 6 14:08:30 EDT 2011


Don't have exact numbers on the amount of traffic still getting through, but
we were still seeing some connections from sources when the corresponding
blocking ACE was showing the hit count increase. I had applied the ACL
to ingress traffic on uplinks to our providers.

On Tue, Sep 6, 2011 at 1:06 AM, Phil Mayers <p.mayers at imperial.ac.uk> wrote:

> jack b <j4bles at gmail.com> wrote:
>
> >Recently one of our customers experienced a DDoS attack consisting of 4000
> >unique hosts sending about 3000 HTTP connections per second. What we
> >normally do is create an ACL blocking the source addresses of the attack and
> >permit everything else, however, when the ACL was applied not all of the
> >traffic from the attacking hosts was being blocked and we had to end
> >up enabling uRPF and configuring S/RTBH routing to filter all the traffic.
> >Are there known limitations with the amount of traffic that can be handled
> >by ACLs on this platform? If so is that documented anywhere?
> >_______________________________________________
> >cisco-nsp mailing list  cisco-nsp at puck.nether.net
> >https://puck.nether.net/mailman/listinfo/cisco-nsp
> >archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> It should not have any problem blocking at line rate. How much traffic was
> getting through? Where did you have the ACL, ingress or egress?
>
> Are you sure the ACL was correct, and correctly applied given your
> topology?
> --
> Sent from my phone. Please excuse brevity and typos.
>
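
An added illustration of the two approaches discussed in the thread, written for this page and not taken from the poster's configuration: an extended ACL denying the attacking sources applied ingress on the provider uplink, followed by the S/RTBH alternative (a discard route to Null0 plus loose-mode uRPF, with the attacking sources pointed at the discard next hop). The interface name, the attacker prefixes (198.51.100.0/24, 203.0.113.10) and the trigger next hop 192.0.2.1 are assumed placeholders from the documentation ranges.

```cisco
! --- Approach 1: ingress ACL on the provider uplink ---
! Deny the attacking sources first, then permit everything else.
ip access-list extended BLOCK-DDOS-SOURCES
 deny   ip host 203.0.113.10 any
 deny   ip 198.51.100.0 0.0.0.255 any
 permit ip any any
!
interface TenGigabitEthernet1/1
 description Uplink to provider (assumed interface name)
 ip access-group BLOCK-DDOS-SOURCES in
!
! --- Approach 2: S/RTBH (source-based remotely triggered black hole) ---
! A next hop that resolves to Null0; any route pointed at it is discarded.
interface Null0
 no ip unreachables
!
ip route 192.0.2.1 255.255.255.255 Null0
!
! Loose-mode uRPF on the uplink: a source whose best route points to
! Null0 fails the check and is dropped. allow-default keeps sources that
! are only covered by the default route from being dropped as well.
interface TenGigabitEthernet1/1
 ip verify unicast source reachable-via any allow-default
!
! Point the attacking sources at the discard next hop. With uRPF enabled
! above, packets FROM these sources are dropped on ingress.
ip route 203.0.113.10 255.255.255.255 192.0.2.1
ip route 198.51.100.0 255.255.255.0   192.0.2.1
```

To check which path is actually dropping the traffic, `show ip access-lists BLOCK-DDOS-SOURCES` shows the per-ACE hit counts the poster was watching, `show ip route 203.0.113.10` should resolve to the Null0-bound next hop once the S/RTBH routes are in place, and `show ip interface TenGigabitEthernet1/1 | include verify` confirms uRPF is active on the uplink. The two approaches are not equivalent: the ACL is bound to one interface and direction, while the S/RTBH routes drop traffic from those sources on every interface that has uRPF enabled, which is the wider net the thread describes falling back to.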

