[27609] in North American Network Operators' Group
RE: [long] Re: DDoS: CAR vs TCP-Intercept vs NetFlow
daemon@ATHENA.MIT.EDU (Rubens Kuhl Jr.)
Mon Feb 28 22:07:49 2000
From: "Rubens Kuhl Jr." <rkuhljr@uol.com.br>
To: "Paul Ferguson" <ferguson@cisco.com>
Cc: <nanog@merit.edu>
Date: Tue, 29 Feb 2000 00:06:02 -0300
Message-ID: <005a01bf8261$e9048790$5cf1e7c8@users.uol.com.br>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
In-Reply-To: <4.2.2.20000228211401.00a36650@lint.cisco.com>
Errors-To: owner-nanog-outgoing@merit.edu
> Other stuff: NetFlow and CEF
> Fun stuff.
> Netflow: Don't think of NetFlow in any other capacity other than for
>trace-back capabilities:
Thanks for the long answer, but this question was actually on how the router
performance impact of CAR or TCP-Intercept changes between using CEF
switching (ip route-cache cef, default) and CEF-Flow switching (ip
route-cache cef + ip-route cache flow). Although NetFlow impacts router
performance a little, running CEF-Flow makes large access-list processing
faster than just running CEF; I think some other features (IPSec ?) also
have performance gains. I was wondering whether CAR and/or TCP-Intercept
would have better performance with CEF-Flow.
Rubens Kuhl Jr.
