[c-nsp] nexus N3K-C3064PQ as 1st level protection against ddos ?

[Pedro]

Hello,

I have some idea to put switch before bgp router in order to terminate 
isp 10G uplinks on switch, not router. Main reason is it could be some 
kind of 1st level of defence against ddos, second reason, less 
important, save cost of router ports.

It's possible use this feature?

-  limit udp, icmp (bandwith,pps) at ingress port or vlan
-  create counters: passed and dropped packets, best way to get this 
counters via snmp oid
-  port mirror from many ports/vlans to multiple port (other anty ddos 
solutions)
-  limited bgp but with flowspec to comunicate with another anty ddos 
devices

I'm also wondering how this feature above impact on cpu/whole switch. It 
can be some performance degradation ot all of this feature are done in 
hardware, with wirespeeed ?

Thanks for any advice,
Pablo

---
Ta wiadomość została sprawdzona na obecność wirusów przez oprogramowanie antywirusowe Avast.
https://www.avast.com/antivirus