[j-nsp] ASR1002 Comparitive
Dobbins, Roland
rdobbins at arbor.net
Wed Nov 18 02:40:55 EST 2009
On Nov 18, 2009, at 2:38 PM, Ben Steele wrote:
> any attack > 100Mbs is going to be dropped(tail-drop/rate-limit whatever method the ISP implements) before it even makes it to the poor software-based router and given the almost 300Mbs @ 64-byte spec I don't think it would have a problem with it, usual CoPP applying.
You're assuming the attack is 'inbound' - often, this isn't the case.
;>
I've also seen software-based routers absolutely crushed by the sheer number of flows engendered by DNS amplification attacks, when an open recursor is soutbhound of said software-based router and the miscreants are bouncing an attack through it.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Injustice is relatively easy to bear; what stings is justice.
-- H.L. Mencken
More information about the juniper-nsp
mailing list