SYN floods (was: does history repeat itself?)

Alexis Rosen alexis at panix.com
Wed Sep 11 02:31:03 UTC 1996


Justin W. Newton writes:
> At 02:12 PM 9/10/96 -0400, Alec H. Peterson wrote:
> >>
> >>FWIW, even with a thousand very busy modems, I'm pretty sure that even a
> >>small cisco is up to the job. They just don't generate all that much
> traffic.
> >
> >Could be, although I'd want to see this before I bet the farm on it.
> >I'm not sure how efficient crisco's filtering algorithm is...
> 
> I have found that 2500's do not have the processor for even basic filtering
> when sitting in front of several hundred modems.  4700's on the other hand
> (and 7200's) have the ability to handle the job with little difficulty.

Really? Is there something special about 2500s as compared to AGSes? Alec
pointed out to me that my numbers were a bit off, but they're not off by
that much. How much traffic was there on the 2500 that you were trying to
use for filtering? And how many ports were in use?

FWIW, in terms of low-cost solutions, 4000s and 4500s may still be available,
and I think the 4000 has the same CPU as an AGS (25MHz 68040) though I might
be misremembering. I'm sure the 4500 is plenty- it's got a 100MHz MIPS chip
(from IDT, I think).

/a





More information about the NANOG mailing list