|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: IPSEC VPNs capable of handling worm traffic
All of these cute references to "vendor c" and "vendor n" go by the wayside when we slip and say "Nortel" or refer to "CEF". :) IMHO, if you aren't breaking an NDA, you might as well name names. If you are breaking an NDA, using initials won't screen you from legal jeopardy... - Daniel Golding On 11/19/03 6:27 PM, "Magnus Eriksson" <[email protected]> wrote: > > The last 2 days I've been fighting against the Nachi ICMP onslaght on a > customer network. > > Problem is that the "random" destination traffic seem to kill my VPNs by > vendor N. CPU is consumed, probably due to trying to maintain/update > route cache. Or maybe it hits it's pps limit. > > Ordinary traffic req. is approx. 10 Mbit/s mixed traffic. > Worm traffic I would like to be able to handle is approx 2-3kpps. > > Anyone know of any VPN boxes/routers with VPN capability that is better > able to handle the onslaught? Is vendors C's boxes better than Nortel's? > Is CEF going to help me? Or is the problem pps related? > > Will it help to throw a bigger box at the problem? > > Any advice greatly appreciated. > > Regards > Magnus - Sweden > > > >
|