[56968] in North American Network Operators' Group
Re: Using Policy Routing to stop DoS attacks
daemon@ATHENA.MIT.EDU (Rafi Sadowsky)
Tue Mar 25 09:33:45 2003
Date: Tue, 25 Mar 2003 16:33:15 +0200 (IST)
From: Rafi Sadowsky <rafi-nanog@meron.openu.ac.il>
To: Christian Liendo <cliendo@globix.com>
Cc: nanog@merit.edu
In-Reply-To: <5.2.0.9.0.20030325085423.04562d10@mailhost.nyc1.globix.net>
Errors-To: owner-nanog-outgoing@merit.edu
## On 2003-03-25 09:06 -0500 Christian Liendo typed:
[snip]
CL>
CL> Depending on the router and the code, if I implement an access-list then
CL> the CPU utilization shoots through the roof.
CL> What I would like to try and do is use source routing to route that traffic
CL> to null. I figured it would be easier on the router than an access-list.
CL>
CL> Has anyone else tried this successfully on ciscos and junipers?
CL> Is it easier on the CPU than access-lists?
Details ?
Which Cisco router ? IOS ?
HW/SW/CEF/netflow/<whatever> "IP switching" ?
As you seem to have noticed these "little details" matter ...
--
Rafi