[91002] in North American Network Operators' Group
Re: key change for TCP-MD5
daemon@ATHENA.MIT.EDU (Roland Dobbins)
Fri Jun 23 18:06:14 2006
In-Reply-To: <03235919BBDE634289BB6A0758A20B3669F37B@NT-SJCA-0751.brcm.ad.broadcom.com>
From: Roland Dobbins <rdobbins@cisco.com>
Date: Fri, 23 Jun 2006 15:05:43 -0700
To: nanog@merit.edu
Errors-To: owner-nanog@merit.edu
On Jun 23, 2006, at 2:02 PM, Bora Akyol wrote:
> If your IPSEC is being done in hardware and you have appropriate QoS
> mechanisms in your network, you will probably not be able to pass
> your best effort traffic but the rest should be OK.
Unless the DoS is within the IPSEC tunnel and crowds out the good
traffic.
;>
Your original post seemed to imply that IPSEC is an anti-DoS
mechanism, as does the statement 'If you pay attention to detail, it
does help.' IPSEC is not an anti-DoS mechanism at all; it's
important to be clear about that.
----------------------------------------------------------------------
Roland Dobbins <rdobbins@cisco.com> // 408.527.6376 voice
Everything has been said. But nobody listens.
-- Roger Shattuck