Level3 routing issues?

Jared Mauch jared at puck.Nether.net
Tue Jan 28 16:28:55 UTC 2003


On Tue, Jan 28, 2003 at 03:34:15PM +0000, cowie at renesys.com wrote:
> Some BGP-speaking routers (not all, by any means, but some subpopulation)
> found themselves pegged at 100% CPU on Saturday.  Just one example: 
> 
>    http://noc.ilan.net.il/stats/ILAN-CPU/new-gp-cpu.html

	I wonder how much of this was because of packets
destined *TO* the router.  I don't know about you but I'm not
about to go put access-lists on all 600+ interfaces in some of
my routers.  My push is for Cisco to (and i'm sure others agree, as
well as the other vendors who don't have a similar feature today)
to port their "ip receive acl" to other important platforms.  The
GSR is not the only router that needs to be protected on the internet
and they seem to be missing that bit of direction.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a00800a8531.html

	Not putting this feature in the next releases of software
would be irresponsible on their part after the critical nature
of this attack, IMHO.

	- jared

-- 
Jared Mauch  | pgp key available via finger from jared at puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.



More information about the NANOG mailing list