|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Growing DoS attacks
[email protected] disait : > Something that people may want to consider doing is > that assuming you are using hardware/software that can support > rate-limit of specific packet types/rates, you could > generate some rate-limits to limit specific types of traffic > to various ranges. rate-limite and/or traffic filtering may be available on some box (GSR) but cannot run concurently with other feature (NetFlow). That is the biggest problem i see trying to put ACL or rate-limite on GSR boxes. I think the Cisco is working on it. Output ACL on some GSR linecard (engine 0/1 i think) make Netflow inactive on _all_ line card :-(( Thus, we cannot put any ACL nor rate-limit on customer connected on GSR boxes .... and it is hard to explain to customer that this is because of vendor limitation !!! The only tool available for these Customers is blackhole for identified /32 .... bad granularity ! Vincent.
|