nanog mailing list archives

Re: IPSEC VPNs capable of handling worm traffic


From: Daniel Golding <dgolding () burtongroup com>
Date: Wed, 19 Nov 2003 19:15:40 -0500


All of these cute references to "vendor c" and "vendor n" go by the wayside
when we slip and say "Nortel" or refer to "CEF". :)

IMHO, if you aren't breaking an NDA, you might as well name names. If you
are breaking an NDA, using initials won't screen you from legal jeopardy...

- Daniel Golding

On 11/19/03 6:27 PM, "Magnus Eriksson" <magnus () eriksson mu> wrote:


The last 2 days I've been fighting against the Nachi ICMP onslaught on a
customer network.

Problem is that the "random" destination traffic seems to kill my VPNs by
vendor N. CPU is consumed, probably due to trying to maintain/update
route cache. Or maybe it hits its pps limit.

Ordinary traffic req. is approx. 10 Mbit/s mixed traffic.
Worm traffic I would like to be able to handle is approx 2-3kpps.

Anyone know of any VPN boxes/routers with VPN capability that are better
able to handle the onslaught? Are vendor C's boxes better than Nortel's?
Is CEF going to help me? Or is the problem pps related?

Will it help to throw a bigger box at the problem?

Any advice greatly appreciated.

Regards
Magnus - Sweden





