[j-nsp] DDOS and MX-240's
Richard A Steenbergen
ras at e-gerbil.net
Tue Jan 8 15:30:11 EST 2013
On Mon, Jan 07, 2013 at 08:10:45PM -0800, Eric Cables wrote:
> It's interesting that Flowspec was one of the presentations at the Bay Area
> Juniper User's Group in October, and heavily used by CloudFlare.
>
> http://www.slideshare.net/junipernetworks/flowspec-bay-area-juniper-user-group-bajug
I did warn Terry about this issue before he gave that presentation, but
note that their performance requirements are MUCH lower than mine. The
graphs in this presentation show 100-1000Mbps attacks and 45kpps
attacks, which doesn't require much in the way of router resources. Line
rate for a 10GE is 14.88Mpps, and when you suddenly can't do more than
4Mpps per port because of a couple dozen flowspec rules, I consider this
a BIG problem. :)
--
Richard A Steenbergen <ras at e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)