[127802] in North American Network Operators' Group
Re: Vyatta as a BRAS
daemon@ATHENA.MIT.EDU (Joel Jaeggli)
Wed Jul 14 19:40:05 2010
Date: Wed, 14 Jul 2010 16:39:26 -0700
From: Joel Jaeggli <joelja@bogus.com>
To: nanog@nanog.org, rdobbins@arbor.net
In-Reply-To: <A12CA2C9-865A-4107-A688-B83754C8C323@arbor.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 7/13/10 11:11 AM, Dobbins, Roland wrote:
>
> On Jul 14, 2010, at 1:02 AM, Matthew Kaufman wrote:
>
>> Dangerous in places where forwarding table exceeds hardware cache
>> limits. (See Code Red worm stories)
>
>
> During the Code Red/Nimda period (2001), and on into the
> Slammer/Blaster/Nachi period (2003), all the routers I personally
> know of which were adversely affected were software-based, didn't
> make use of ASICs for forwarding.
Having msdp turned on was a great way to get nuked by slammer regardless
of your choice of forwarding technology.
Which reminds me control plane protection is about more than just acls
and rate limiting.
> -----------------------------------------------------------------------
>
>
Roland Dobbins<rdobbins@arbor.net> //<http://www.arbornetworks.com>
>
> Injustice is relatively easy to bear; what stings is justice.
>
> -- H.L. Mencken
>
>
>
>
>
