[45135] in North American Network Operators' Group
Re: Growing DoS attacks
daemon@ATHENA.MIT.EDU (Jared Mauch)
Thu Jan 17 23:07:28 2002
Date: Thu, 17 Jan 2002 23:06:44 -0500
From: Jared Mauch <jared@puck.Nether.net>
To: Vincent Gillet <vgi@zoreil.com>
Cc: Nicolas Guilbaud <nguilbaud@chello.com>,
Jared Mauch <jared@puck.Nether.net>, nanog@merit.edu
Message-ID: <20020118040644.GA2172@puck.nether.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020117100957.GA9086@opentransit.net>
Errors-To: owner-nanog-outgoing@merit.edu
I beleive that other vendors (Juniper for example) can
also do the same stuff I was suggesting at the rates without
concerns over which engine linecard supports what.
I am not trying to advocate a specific vendor over another
just that if this is a major concern you can protect your network
at the ingress/egress points with such software features.
If netflow is more important than this that is a
eng/business case that each person obviuosly needs to address.
- jared
On Thu, Jan 17, 2002 at 11:09:57AM +0100, Vincent Gillet wrote:
> nguilbaud@chello.com disait :
>
> > Vincent,
> >
> > The Cisco ISE aka Engine 3 cards for GSR allow you to combine those
> > features, you can even i/egress traffic police or even shape based on
> > access-list. You still have some constraints but nothing compared to the
> > E0/1/2.
>
> It looks getting better and better, but large GSR users have
> 95% LC E0/1/2 .... and i bet 100% customers are connected on E0/1/2 !!
>
> Even single POS oc48 LC are still E2 ....
>
> I am talking about problem we have today.
> E3 and above LC will be popular for access in 2003 i guess.
>
> Vincent.
--
Jared Mauch | pgp key available via finger from jared@puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
