nanog mailing list archives
Re: nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos
From: Saku Ytti <saku () ytti fi>
Date: Sat, 1 Oct 2016 13:43:16 +0300
On 1 October 2016 at 10:03, Pedro <piotr.1234 () interia pl> wrote:
We had situations, that we lost all our bgp sessions, not even only on ports where flood was coming. Just cpu overloaded. I don't care about support too much, there are cheap enough to have spare.
What is the device you're trying to protect? Perhaps it supports reasonable CoPP features so that you can protect it directly on itself. To do this CoPP on neighbouring switch, you'll need unique policer for each and every BGP session and ARP, your switch may not support this and it is provisioning nightmare. -- ++ytti
Current thread:
- Re: nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos Pedro (Oct 01)
- Re: nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos Saku Ytti (Oct 01)
- <Possible follow-ups>
- Re: nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos Mike Hammett (Oct 01)
- Re: nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos James Jun (Oct 01)
- Re: nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos Josh Reynolds (Oct 01)
- Re: nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos Saku Ytti (Oct 01)
- Re: nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos James Jun (Oct 01)
- Re: nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos James Jun (Oct 01)
- Re: nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos Mike Hammett (Oct 01)
- Re: nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos joel jaeggli (Oct 02)