nanog mailing list archives

Re: Re[2]: SYN floods (was: does history repeat itself?)

From: "Dick St.Peters" <stpeters () NetHeaven com>
Date: Wed, 11 Sep 1996 03:46:06 -0400

I have found that 2500's do not have the processor for even basic filtering
when sitting in front of several hundred modems.  4700's on the other hand
(and 7200's) have the ability to handle the job with little difficulty.


Really? Is there something special about 2500s as compared to AGSes? Alec
pointed out to me that my numbers were a bit off, but they're not off by
that much. How much traffic was there on the 2500 that you were trying to
use for filtering? And how many ports were in use?


I'm a small enough site to provide some numbers on 2500s.  My border
router is a 2514; it checks every incoming packet to be sure the
packet doesn't claim to be from my address space, and to be sure they
_are_ from my address space, it checks every outgoing packet twice[*],
once coming into the router and again on the way out.  Awhile ago
the 5-minute average input data rate was sitting at 230 Kbps and the
5-minute cpu utilization at 25%.

This router also filters all the incoming packets again as they leave
out an enet port or the second serial (T1) port.  Some packets go
through a lot of other filter steps before hitting a rule allowing
them into or out of the router.  Adding all this filtering doesn't
seem to have affected the cpu utilization a whole lot, although it's
been a long time since I had all filtering turned off.

[*] Filtering twice lets me delete and rewrite one filter while still
being shielded by the other.  Ok, so I waste a lot of cpu - that's
part of the point: it's a mere 2500, but I have all this cpu to spare.
230 Kbps isn't much, but it's enough to ssuggest I'm going to run out
of T1 before I run out of cpu.

--
Dick St.Peters,       Gatekeeper, Pearly Gateway, Ballston Spa, NY
stpeters () NetHeaven com     Owner, NetHeaven 518-885-1295/800-910-6671
Albany/Saratoga/Glens Falls/North Creek/Lake Placid/Blue Mountain Lake
          First Internet service based in the 518 area code
- - - - - - - - - - - - - - - - -

Current thread:

Re[4]: SYN floods (was: does history repeat itself?), (continued)
- Re[4]: SYN floods (was: does history repeat itself?) Pat Calhoun (Sep 09)
- Re[4]: SYN floods (was: does history repeat itself?) Pat Calhoun (Sep 10)
  - Re: Re[4]: SYN floods (was: does history repeat itself?) Perry E. Metzger (Sep 10)
  - Re: Re[4]: SYN floods (was: does history repeat itself?) Alec H. Peterson (Sep 10)
    - Re: Re[4]: SYN floods (was: does history repeat itself?) Perry E. Metzger (Sep 10)
    - Re: Re[4]: SYN floods (was: does history repeat itself?) Alexis Rosen (Sep 10)
  - Re: Re[4]: SYN floods (was: does history repeat itself?) Curtis Villamizar (Sep 12)
- Re: Re[2]: SYN floods (was: does history repeat itself?) Justin W. Newton (Sep 10)
  - Re: Re[2]: SYN floods (was: does history repeat itself?) Alexis Rosen (Sep 10)
    - Re: Re[2]: SYN floods (was: does history repeat itself?) Paul Frommeyer (Sep 10)
    - Re: Re[2]: SYN floods (was: does history repeat itself?) Dick St.Peters (Sep 11)
- Re[6]: SYN floods (was: does history repeat itself?) Pat Calhoun (Sep 11)
- Re: Re[2]: SYN floods (was: does history repeat itself?) Justin W. Newton (Sep 12)
  - Re: Re[2]: SYN floods (was: does history repeat itself?) Michael Dillon (Sep 12)
- Re: SYN floods (was: does history repeat itself?) Justin W. Newton (Sep 12)
  - Re: SYN floods (was: does history repeat itself?) Alex.Bligh (Sep 12)
    - Re: SYN floods (was: does history repeat itself?) Alexis Rosen (Sep 13)
- Re: SYN floods (was: does history repeat itself?) Tim Salo (Sep 12)
- Re: SYN floods (was: does history repeat itself?) Justin W. Newton (Sep 13)
  - Re: SYN floods (was: does history repeat itself?) Alex.Bligh (Sep 13)
    - Re: SYN floods (was: does history repeat itself?) Mr. Jeremy Hall (Sep 13)

(Thread continues...)