Using crypto auth for detecting corrupted IGP packets?

Manav Bhatia manavbhatia at gmail.com
Fri Oct 1 02:31:48 CDT 2010


>
>> Buffering for 4-6 hours worth of control traffic is HUGE!
>
> If 4-6 hours of *control-plane* traffic on a given device is 'HUGE!', for some reasonable modern value of 'HUGE!', then there's definitely a problem on the network in question.

With BFD alone (assuming 20 sessions, 50ms timer) you will have
400pps. In 6 hours you will have around 8000K BFD packets. Add OSPF,
RSVP, BGP, LACP (for lags), dot1AG, EFM and you would really get a
significant number of packets to buffer.

Cheers, Manav




More information about the NANOG mailing list