nanog mailing list archives

Re: Level3 routing issues?


From: Jared Mauch <jared () puck Nether net>
Date: Tue, 28 Jan 2003 11:28:55 -0500


On Tue, Jan 28, 2003 at 03:34:15PM +0000, cowie () renesys com wrote:
> Some BGP-speaking routers (not all, by any means, but some subpopulation)
> found themselves pegged at 100% CPU on Saturday.  Just one example: 
>
>    http://noc.ilan.net.il/stats/ILAN-CPU/new-gp-cpu.html

        I wonder how much of this was because of packets
destined *TO* the router.  I don't know about you but I'm not
about to go put access-lists on all 600+ interfaces in some of
my routers.  My push is for Cisco (and I'm sure others agree, as
well as the other vendors who don't have a similar feature today)
to port their "ip receive acl" to other important platforms.  The
GSR is not the only router that needs to be protected on the internet
and they seem to be missing that bit of direction.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a00800a8531.html

        Not putting this feature in the next releases of software
would be irresponsible on their part after the critical nature
of this attack, IMHO.

        - jared

-- 
Jared Mauch  | pgp key available via finger from jared () puck nether net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.

