feasibility of stopping smurfs with cisco's CAR

Marko Bukvic marko at pfmc.net
Wed Apr 29 21:29:17 UTC 1998


Greetings,

cisco's new Committed Access Rate feature lets you do real QoS rate limiting (as opposed to traffic shaping) with access lists.
CAR could be implemented on either ingress/egress interfaces to limit bandwidth usage by ICMP to something safe like 5MBits.
This would prevent an incoming ICMP flood from consuming your aggregation links, while it still might inconvenience a T1 customer.
If placed on the outgoing access-list it can prevent your network from originating unfriendly amounts of ICMP.
CAR can either discard or decrease the priority of the offending traffic.

A couple of questions:

I am unfamiliar with what tier 1 providers use as aggregation routers (routers their T3+ customers connect to). Due to CAR's
potentially CPU intensive nature (when dealing with access-list based traffic limiting compared to address based limiting), would
an "ICMP permit with exceed-action drop" filter constitute an unacceptable load on the CPU and memory of these routers?

If I only had 1 multi-megabit transit pipe, is it reasonable (in the future) of me to ask/require my upstream provider to protect
my pipe from being wasted by large amounts of ICMP? If I only put it on my side, the pipe still gets wasted.

Are there any other vendors who offer a similar feature without the use of ATM? 

Thank you.

Marko
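
An added example, not part of the original post: a simplified single-token-bucket model of the ICMP policing described above (real CAR also has an extended burst, left out here), showing how much ICMP is transmitted versus how much has already crossed the link before the policer sees it. The 5 Mbit/s limit is the figure from the post; the 20 Mbit/s flood, the 2 Mbit/s TCP stream, the 64,000-byte burst and all class and function names are constructed assumptions.

```python
# Simplified model of a CAR-style policer: one token bucket, no extended burst.
# All traffic, sizes and names below are constructed for illustration.

class Policer:
    def __init__(self, rate_bps, burst_bytes, exceed_action="drop"):
        self.rate_bps = rate_bps
        self.burst = burst_bytes
        self.exceed_action = exceed_action  # "drop" or "lower-priority"
        self.tokens = float(burst_bytes)    # bucket starts full
        self.last_us = 0

    def police(self, t_us, size):
        # Refill at the committed rate (bytes per microsecond), capped at the burst.
        elapsed = t_us - self.last_us
        self.last_us = t_us
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate_bps / 8e6)
        if self.tokens >= size:             # conforming packet
            self.tokens -= size
            return "transmit"
        return self.exceed_action           # exceeding packet


def stream(proto, bps, pkt_bytes, duration_us):
    # Evenly spaced packets of one protocol at a constant bit rate.
    gap_us = pkt_bytes * 8 * 1_000_000 // bps
    return [(t, proto, pkt_bytes) for t in range(0, duration_us, gap_us)]


def simulate(exceed_action="drop"):
    second = 1_000_000
    packets = sorted(stream("icmp", 20_000_000, 1000, second)
                     + stream("tcp", 2_000_000, 1000, second))
    car = Policer(rate_bps=5_000_000, burst_bytes=64_000,
                  exceed_action=exceed_action)
    stats = {"arrived": 0, "icmp_transmit": 0, "icmp_exceed": 0, "tcp_transmit": 0}
    for t_us, proto, size in packets:
        stats["arrived"] += size    # bytes that already crossed the upstream pipe
        if proto != "icmp":         # the access list matches ICMP only
            stats["tcp_transmit"] += size
            continue
        verdict = car.police(t_us, size)
        stats["icmp_transmit" if verdict == "transmit" else "icmp_exceed"] += size
    return stats


if __name__ == "__main__":
    print(simulate())
```

In this model the policer holds transmitted ICMP close to the committed rate plus the initial burst, while the "arrived" counter still shows the full 22 Mbit/s offered load on the link feeding it.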



