nanog mailing list archives

Re: UDP DoS mitigation?

From: Roland Dobbins <rdobbins () cisco com>
Date: Sat, 13 Dec 2008 02:33:59 +0800


On Dec 13, 2008, at 2:27 AM, David Kotlerewsky wrote:

2. As far as hardware is concerned, we're in the same boat as far as
various UDP/ICMP floods, and our Juniper M10i's handle it with noissues
(running multiple BGP sessions, OSPF, firewall sets/access lists).

Right - a hardware-based platform is required to deal with high ppsrates (the Cisco equivalent is the ASR1000; I'm not familiar withboxes from other vendors, but I'm pretty sure there are others in thissame class).


-----------------------------------------------------------------------
Roland Dobbins <rdobbins () cisco com> // +852.9133.2844 mobile

     History is a great teacher, but it also lies with impunity.

                   -- John Robb

Current thread:

UDP DoS mitigation? Rick Ernst (Dec 12)
- Re: UDP DoS mitigation? Roland Dobbins (Dec 12)
- RE: UDP DoS mitigation? David Kotlerewsky (Dec 12)
  - Re: UDP DoS mitigation? Roland Dobbins (Dec 12)
- RE: UDP DoS mitigation? Matthew Huff (Dec 12)
- Re: UDP DoS mitigation? Rick Ernst (Dec 12)
  - RE: UDP DoS mitigation? Ian Henderson (Dec 13)
- Re: UDP DoS mitigation? Florian Weimer (Dec 14)