[84618] in North American Network Operators' Group
Re: image stream routers
daemon@ATHENA.MIT.EDU (Jon Lewis)
Sat Sep 17 18:21:51 2005
Date: Sat, 17 Sep 2005 18:21:22 -0400 (EDT)
From: Jon Lewis <jlewis@lewis.org>
To: tony sarendal <dualcyclone@gmail.com>
Cc: nanog@merit.edu
In-Reply-To: <ad7542dc050917143372f0b780@mail.gmail.com>
Errors-To: owner-nanog@merit.edu

On Sat, 17 Sep 2005, tony sarendal wrote:
>> ... until you get an inbound ddos over that shiny gige at 1.44 Mpps. in
>> today's world, planning for normal circumstances is woefully insufficient,
>> you have to spec based on worst case numbers because you're almost
>> guaranteed they will hit your network upside the head in the future.
>>
>
> If I have a GE link and get DDOS'ed at 1.44Mpps I'm on the wrong side
> of the bottleneck to do much about it, am I not?

The difference is with a software based router that melts under DDoS
traffic, the CLI may become unusable and it may be dropping so many
packets, that if you're on the outside, you can't get in to manage it or
anything else on the network. With a hardware based router that can
handle one or more orders of magnitude more PPS than a DDoS generates, the
CLI keeps working as if nothing's wrong, and if you happen to be on the
outside trying to get in to manage things, you may suffer a little packet
loss if your transit pipes are full, but nothing compared to the first
case.
----------------------------------------------------------------------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________