Smurf tone down
alex at nac.net
alex at nac.net
Sat May 1 16:31:33 UTC 1999
> 1) Can't run CEF. There are some situations under which CEF causes
> problems. The good news is these are getting to be fewer and fewer
> every day, but as recently as 6 months ago it would regularly crash
> routers with some line cards under heavy loads. I expect this reason
> to disappear completely within another 6 months.
Good arguement. But it seems that no one is doing it.
> Also, in the can't run catagory there are some (usually smaller)
> providers still using 7000's, 4000's, and other (dare I say even
> 2501's?) for customer attach.
Au contrair, monfrair (sp?!); CEF & CAR is available on many platforms
now; we've got it running on 3600's, 4700's, and 7200's. My understanding
is that is will also work on 2500's (I was told anything but PowerPC based
systems).
> 2) Can't spare the CPU. Sometimes this has to do with the load of CAR,
> although generally I expect this is due to other things. If you have
> 150-200 T1 customers on a 7513 (easy to get with CT3 cards) and you
> run BGP to even just 25% of them, and you still have RSP2's then
> you probably don't have CPU to even think about giving to CAR, no
> matter how little it uses.
As said before, the demonstrable increase in load using CAR is abot 0-2%.
> 3) Can't manage it. Providers are understaffed with clueful people.
Is this really that hard?
access-list 175 permit icmp any any
int bleh/bleh
rate-limit input access-group 175 128000 8000 8000 conform-action transmit exceed-action drop
rate-limit output access-group 175 128000 8000 8000 conform-action transmit exceed-action drop
> 4) Don't care. I don't mean this in shallow "screw the customer" way.
> them so they can be perminantly shut off. If it doesn't saturate
> your links and your routers it's not your problem.
But it could/might. I've seen repeatedly when other downstreams off the
same upstream router as us be attacked, the upstreams router usually is
unhappy.
>
> 5) It's none of their business. This one works people up. The logic
> goes like this. If my provider CAR's ICMP automatically, why don't
> they also CAR porn automatically, so it's only a little traffic.
> Oh, and SPAM, that should be CAR'ed to help reduce it. All e-mail
> to and from a competitor, that should be CAR'ed really low....
>
> It's a dangerous road to go down.
I don't subscribe to this. Your talking about two different levels of the
ISO model :-)
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Atheism is a non-prophet organization. I route, therefore I am.
Alex Rubenstein, alex at nac.net, KC2BUO, ISP/C Charter Member
Father of the Network and Head Bottle-Washer
Net Access Corporation, 9 Mt. Pleasant Tpk., Denville, NJ 07834
Don't choose a spineless ISP; we have more backbone! http://www.nac.net
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
More information about the NANOG
mailing list