North American Network Operators Group

Re: Re[2]: SYN floods (was: does history repeat itself?)
Alec H. Peterson writes:
>
> Alexis Rosen writes:
> >That's why I was talking about filtering at a router just upstream from
> >the dial-access box.
> >
> >FWIW, even with a thousand very busy modems, I'm pretty sure that even a
> >small cisco is up to the job. They just don't generate all that much traffic.
>
> Could be, although I'd want to see this before I bet the farm on it.
> I'm not sure how efficient crisco's filtering algorithm is...

I would. As a point of reference, we have filters on two fairly busy T1s, which between them account for more than 500 modems worth of traffic and a *lot* more besides (all of VTW's traffic, for example). Putting filters on these, both on an AGS+/4, didn't make an enormous difference in CPU- it's still <30%. Surely a 2500 series box could handle that much. (It's 68030 vs. 68040, but we're at 30% utilization, and we're doing other things on that box.)

/a

---
Alexis Rosen Owner/Sysadmin,
PANIX Public Access Unix & Internet, NYC.
[email protected]