[j-nsp] ASR1002 Comparitive

Dobbins, Roland rdobbins at arbor.net
Wed Nov 18 03:10:23 EST 2009


On Nov 18, 2009, at 2:58 PM, Florian Weimer wrote:

> Not really, forwarding 200 to 300 Mbps of attack traffic (or more) is
> not a problem anymore.

My experience differs, and has for quite some time.  It's really the pps and flows which are the killer.

> That's like saying that the day of links with less than 10 Gbps of capacity are over, from an availability perspective.

Straw-man, you know better than that, heh.

> And if your router fails to forward an outbound DoS attack, that's
> actually a good thing, isn't it?

Actually, the preferred outcome is that you can block it on the router with S/RTBH or an ACL or whatever, and the router stays up forwarding the non-attack traffic.

;>

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

    Injustice is relatively easy to bear; what stings is justice.

                        -- H.L. Mencken





More information about the juniper-nsp mailing list