[65279] in North American Network Operators' Group


IPSEC VPNs capable of handling worm traffic

daemon@ATHENA.MIT.EDU (Magnus Eriksson)
Wed Nov 19 18:28:11 2003

Date: Thu, 20 Nov 2003 00:27:20 +0100
From: Magnus Eriksson <magnus@eriksson.mu>
To: nanog@merit.edu
X-MDaemon-Deliver-To: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu


The last 2 days I've been fighting against the Nachi ICMP onslaught on a 
customer network.

Problem is that the "random" destination traffic seems to kill my VPNs by 
vendor N. CPU is consumed, probably due to trying to maintain/update 
route cache. Or maybe it hits its pps limit.

Ordinary traffic req. is approx. 10 Mbit/s mixed traffic.
Worm traffic I would like to be able to handle is approx 2-3kpps.

Anyone know of any VPN boxes/routers with VPN capability that are better 
able to handle the onslaught? Are vendor C's boxes better than Nortel's? 
Is CEF going to help me? Or is the problem pps related?

Will it help to throw a bigger box at the problem?

Any advice greatly appreciated.

Regards
Magnus - Sweden



