nanog mailing list archives

Re: Vyatta as a BRAS

From: khatfield () socllc net
Date: Tue, 13 Jul 2010 18:29:52 +0000

Routing.

We can route that. If it were targeting the box itself it would depend if the attack were getting through. 

Certainly iptables can't handle something like that but pf does well with high PPS rates. If it were all 'DROP' traffic 
then likely higher. If it were hitting the box directly and getting past the firewall, yes it would be substantially 
lower.

We were talking about routing though.
------Original Message------
From: Dobbins, Roland
To: NANOG list
Subject: Re: Vyatta as a BRAS
Sent: Jul 13, 2010 12:56 PM


On Jul 14, 2010, at 12:39 AM, <khatfield () socllc net> <khatfield () socllc net> wrote:

I haven't done real world testing with Vyatta but we consistently pass 750KPPS+ without the slightest hiccup on our 
FreeBSD routing systems.


750kpps packeting the box itself?

Also, note that kpps is a small amount of traffic, compared to what even very small botnets can dish out.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

    Injustice is relatively easy to bear; what stings is justice.

                        -- H.L. Mencken

Current thread:

Re: Vyatta as a BRAS, (continued)
- - - Re: Vyatta as a BRAS Dobbins, Roland (Jul 18)
    - Re: Vyatta as a BRAS Dobbins, Roland (Jul 18)
    - Re: Vyatta as a BRAS Mark Smith (Jul 18)
    - Re: Vyatta as a BRAS Dobbins, Roland (Jul 18)
    - Re: Vyatta as a BRAS Brett Frankenberger (Jul 18)
    - Re: Vyatta as a BRAS Tim Durack (Jul 18)
    - Re: Vyatta as a BRAS Mark Smith (Jul 19)
    - RE: Vyatta as a BRAS Akyol, Bora A (Jul 19)
    - Re: Vyatta as a BRAS Tony Li (Jul 20)
    - Re: Vyatta as a BRAS Lamar Owen (Jul 20)
- Re: Vyatta as a BRAS khatfield (Jul 13)
  - Re: Vyatta as a BRAS Dobbins, Roland (Jul 13)
- Re: Vyatta as a BRAS khatfield (Jul 13)
  - Re: Vyatta as a BRAS Lamar Owen (Jul 13)