nanog mailing list archives
Re: Cheap LSN/CGN/NAT444 Solution
From: Simon Perreault <simon () per reau lt>
Date: Mon, 30 Jun 2014 08:42:15 -0400
Le 2014-06-30 06:12, Roland Dobbins a écrit :
what is needed however is session timeouts.This can help, but it isn't a solution to the botted/abusive machine problem. They'll just keep right on pumping out packets and establishing new sessions, 'crowding out' legitimate users and filling up the state-table, maxing the CPU. Embryonic connection limits and all that stuff aren't enough, either.
Why? Cause that (per-subscriber limits on ports and memory) is exactly what we recommend in RFC 6888...
Simon
Current thread:
- Cheap LSN/CGN/NAT444 Solution Skeeve Stevens (Jun 29)
- Re: Cheap LSN/CGN/NAT444 Solution Robert Drake (Jun 29)
- Re: Cheap LSN/CGN/NAT444 Solution Roland Dobbins (Jun 30)
- RE: Cheap LSN/CGN/NAT444 Solution Tony Wicks (Jun 30)
- Re: Cheap LSN/CGN/NAT444 Solution Roland Dobbins (Jun 30)
- Re: Cheap LSN/CGN/NAT444 Solution Simon Perreault (Jun 30)
- Re: Cheap LSN/CGN/NAT444 Solution Roland Dobbins (Jun 30)
- Re: Cheap LSN/CGN/NAT444 Solution Simon Perreault (Jun 30)
- Re: Cheap LSN/CGN/NAT444 Solution Roland Dobbins (Jun 30)
- Re: Cheap LSN/CGN/NAT444 Solution Roland Dobbins (Jun 30)
- Re: Cheap LSN/CGN/NAT444 Solution Robert Drake (Jun 29)
- Re: Cheap LSN/CGN/NAT444 Solution Stepan Kucherenko (Jun 30)
- RE: Cheap LSN/CGN/NAT444 Solution Tony Wicks (Jun 30)
- Re: Cheap LSN/CGN/NAT444 Solution Mark Andrews (Jun 30)