nanog mailing list archives
Re: Effective ways to deal with DDoS attacks?
From: Richard A Steenbergen <ras () e-gerbil net>
Date: Thu, 2 May 2002 12:53:38 -0400
On Thu, May 02, 2002 at 09:41:33AM -0700, LeBlanc, Jason wrote:
Yes, Juniper can be convinced to add things, we've asked for a few. ;) Part of the problem with asking for new things on an ASIC, takes time. Anything they add in their code to help filter will likely not be done in hardware, meaning potential impact. I know some people need to filter on their routers for various reasons, but my thoughts are to minimize this. A router that is working hard at just forwarding packets doesn't need the extra overhead of looking deep into packet headers to figure out what to do with packets. Juniper is better at this, as are some Cisco products, but the GSR is a crappy packet filter if you put enough traffic through it. Yes certain linecards are better than others, but the newer they are the more buggy they are, and we're talking HW here, so bug fixes will be a while.
I think you're misunderstanding how this works.

http://www.juniper.net/news/features/ipii/faq_ip2.html
http://www.juniper.net/techcenter/techpapers/200015-03.html

3. How does the Internet Processor II ASIC enable service providers to upgrade functionality without upgrading hardware?

Essentially, the Internet Processor II ASIC contains logic that implements a number of lookup algorithms, including trees, tables, firewall programs, and a way to chain those individual lookups together in an arbitrary sequence. The final answer to an entire lookup, then, is the result of all the matches that were run. By implementing complex lookups as a series of fundamental primitives, the ASIC can support almost anything for which an application can be described. Since the ASIC implementation is so general, new functionality can be enabled in JUNOS software upgrades without having to swap hardware.

--
Richard A Steenbergen <ras () e-gerbil net> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)