[130309] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Using crypto auth for detecting corrupted IGP packets?

daemon@ATHENA.MIT.EDU (Manav Bhatia)
Fri Oct 1 03:31:58 2010

In-Reply-To: <14643A97-2A17-4859-93EB-9CC4187FDCBA@arbor.net>
Date: Fri, 1 Oct 2010 13:01:48 +0530
From: Manav Bhatia <manavbhatia@gmail.com>
To: "Dobbins, Roland" <rdobbins@arbor.net>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

>
>> Buffering for 4-6 hours worth of control traffic is HUGE!
>
> If 4-6 hours of *control-plane* traffic on a given device is 'HUGE!', for some reasonable modern value of 'HUGE!', then there's definitely a problem on the network in question.

With BFD alone (assuming 20 sessions, 50ms timer) you will have
400pps. In 6 hours you will have around 8000K BFD packets. Add OSPF,
RSVP, BGP, LACP (for lags), dot1AG, EFM and you would really get a
significant number of packets to buffer.

Cheers, Manav


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[130309] in North American Network Operators' Group

Re: Using crypto auth for detecting corrupted IGP packets?

daemon@ATHENA.MIT.EDU (Manav Bhatia)Fri Oct 1 03:31:58 2010

daemon@ATHENA.MIT.EDU (Manav Bhatia)
Fri Oct 1 03:31:58 2010