nanog mailing list archives
RE: [long] Re: DDoS: CAR vs TCP-Intercept vs NetFlow
From: Paul Ferguson <ferguson () cisco com>
Date: Mon, 28 Feb 2000 22:33:42 -0500
At 12:06 AM 02/29/2000 -0300, Rubens Kuhl Jr. wrote:
> Thanks for the long answer, but this question was actually on how the router performance impact of CAR or TCP-Intercept changes between using CEF switching (ip route-cache cef, default) and CEF-Flow switching (ip route-cache cef + ip route-cache flow). Although NetFlow impacts router performance a little, running CEF-Flow makes large access-list processing faster than just running CEF; I think some other features (IPSec?) also have performance gains. I was wondering whether CAR and/or TCP-Intercept would have better performance with CEF-Flow.
Again, forget about flow-switching in any context except for tracing back attackers. If you want the functionality to lower the threshold of DoS pain, CEF is your baby.
This is an operational forum, yes? Where is the input from the (current) operators?
- paul
ps. And they can both be used in conjunction with one another to reach an end goal...