Nachi/Welchia Aftermath

Stephen J. Wilcox steve at telecomplete.co.uk
Wed Jan 21 02:10:36 UTC 2004


On Tue, 20 Jan 2004, Rubens Kuhl Jr. wrote:

> > > Flow-based: Foundry with IronCore modules, Cisco Catalyst 6500 with Sup1(A)
> > > Prefix-based: Foundry with JetCore modules, Cisco Catalyst 6500/7600 with Sup2(A), Sup3(A/BXL)
> > Where do the Extreme and Juniper fit into this?
> 
> Private and public answers to my question indicate that both Summit 48i and
> Black Diamond from Extreme are flow-based; Juniper doesn't make layer 3
> switches, but their routers also do prefix-based forwarding; Cisco routers
> also do prefix-based forwarding at usual configurations.
> 
> Also of note, flow-based forwarding is not the only thing that makes a L3
> device suffer under worm attacks. If a directly connected interface is an
> Ethernet (or any other medium that is not point to point), ARPing for a lot
> of new addresses per second can also do harm.

Nearly. Any frames needing to go to the CPU will harm your box. This tends to 
be L2 occurrences (ARP storms are one), which therefore means connected Ethernets. 
DoSing (L3 IP, e.g. smurf) a router will usually hurt, and if you can manage it, so will 
higher level applications (announce/withdraw 1000s of routes in BGP, fill up NAT 
tables). Of course your architectures differ, so ymmv.

Steve

> 
> Rubens
> 
> 
> >
> > >
> > > ----- Original Message -----
> > > From: <haesu at towardex.com>
> > > To: "Brent Van Dussen" <vandusb at attens.com>
> > > Cc: "NANOG" <nanog at merit.edu>
> > > Sent: Tuesday, January 20, 2004 9:46 PM
> > > Subject: Re: Nachi/Welchia Aftermath
> > >
> > > > lesson learned:
> > > > stop using /makeshift/ layer3 switches (without naming vendor) to run
> > > > L3 core
> 
> 
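The thread contrasts flow-based forwarding (first packet of every new flow handled by the CPU to build a cache entry) with prefix-based forwarding (a longest-prefix lookup per packet, no per-flow state), and adds the separate cost of ARPing for many unused addresses on a directly connected Ethernet. The toy model below is an added example, not code from the thread or from any vendor mentioned in it; it pushes the same constructed packet stream through both forwarding models and counts the work that lands on the CPU. The topology, the set of live hosts, the client/server baseline and the "probe every address once" worm behaviour are all assumptions made for the example, not a description of Nachi/Welchia itself.

```python
"""
Toy model of a router forwarding plane under a scanning worm: flow-based forwarding
(per-flow cache, first packet punted to the CPU) versus prefix-based forwarding
(longest-prefix match, no per-flow state), plus the ARP cost on a directly connected
Ethernet. Topology, host list and scan pattern are constructed assumptions.
"""
import ipaddress
import random
from collections import OrderedDict

# Constructed topology (assumption): a /16 of customers, one connected /24, a default.
ROUTES = [
    ("10.1.0.0/16", "eth1"),        # customer block reached via eth1
    ("10.1.5.0/24", "connected"),   # directly connected Ethernet segment
    ("0.0.0.0/0", "upstream"),      # default route
]
CONNECTED = ipaddress.ip_network("10.1.5.0/24")
# Hosts that really exist on the connected segment (constructed); nobody else answers ARP.
LIVE_HOSTS = {ipaddress.ip_address("10.1.5.%d" % i) for i in range(10, 40)}


class PrefixForwarder:
    """Prefix-based: every packet is a longest-prefix match; cost is independent of flow count."""
    def __init__(self, routes):
        self.routes = sorted(((ipaddress.ip_network(p), nh) for p, nh in routes),
                             key=lambda r: r[0].prefixlen, reverse=True)
        self.cpu_punts = 0

    def forward(self, src, dst):
        for net, nh in self.routes:
            if dst in net:
                return nh
        self.cpu_punts += 1  # no route at all: handled in software (unreachable)
        return None


class FlowForwarder:
    """Flow-based: the first packet of each (src, dst) pair goes to the CPU to build a
    cache entry; later packets hit the hardware cache. The cache is bounded (LRU)."""
    def __init__(self, routes, cache_size):
        self.fib = PrefixForwarder(routes)
        self.cache = OrderedDict()
        self.cache_size = cache_size
        self.cpu_punts = 0
        self.evictions = 0

    def forward(self, src, dst):
        key = (src, dst)
        if key in self.cache:
            self.cache.move_to_end(key)
            return self.cache[key]
        self.cpu_punts += 1                      # cache miss: software path
        nh = self.fib.forward(src, dst)
        if len(self.cache) >= self.cache_size:
            self.cache.popitem(last=False)       # evict least recently used flow
            self.evictions += 1
        self.cache[key] = nh
        return nh


class ArpCache:
    """ARP on a connected Ethernet: an uncached destination costs one ARP request (CPU
    work); an address nobody answers sits as an incomplete entry and is not re-ARPed here."""
    def __init__(self):
        self.resolved, self.incomplete, self.requests = set(), set(), 0

    def resolve(self, dst):
        if dst in self.resolved or dst in self.incomplete:
            return dst in self.resolved
        self.requests += 1
        (self.resolved if dst in LIVE_HOSTS else self.incomplete).add(dst)
        return dst in self.resolved


def normal_traffic(n, rng):
    """Constructed baseline: 200 clients repeatedly talking to 5 live servers."""
    clients = [ipaddress.ip_address("10.1.1.%d" % i) for i in range(1, 201)]
    servers = [ipaddress.ip_address("10.1.5.%d" % i) for i in range(10, 15)]
    return [(rng.choice(clients), rng.choice(servers)) for _ in range(n)]


def worm_scan(infected, targets):
    """Constructed worm behaviour (assumed): each infected host probes every target once."""
    return [(src, dst) for src in infected for dst in targets]


def run_scenario(packets, cache_size=1000):
    """Push the same packet list through both forwarding models and count CPU work."""
    prefix, flow, arp = PrefixForwarder(ROUTES), FlowForwarder(ROUTES, cache_size), ArpCache()
    for src, dst in packets:
        nh = prefix.forward(src, dst)
        flow.forward(src, dst)
        if nh == "connected":          # only the connected segment needs ARP
            arp.resolve(dst)
    return {"packets": len(packets), "prefix_punts": prefix.cpu_punts,
            "flow_punts": flow.cpu_punts, "flow_evictions": flow.evictions,
            "arp_requests": arp.requests}


def baseline_scenario():
    return run_scenario(normal_traffic(20000, random.Random(1)))


def worm_scenario():
    infected = [ipaddress.ip_address("10.1.1.%d" % i) for i in range(1, 11)]
    targets = list(CONNECTED.hosts()) + list(ipaddress.ip_network("10.1.6.0/24").hosts())
    return run_scenario(worm_scan(infected, targets))


if __name__ == "__main__":
    for name, result in (("baseline", baseline_scenario()), ("worm", worm_scenario())):
        print(name, result)
```

With the baseline traffic the flow cache fills once (at most 1000 distinct flows) and then every packet is a hardware hit; the sweep of ten infected hosts across two /24s is 5080 packets that are all new flows, so every one of them is punted and the cache thrashes, while the prefix-based path does the same one lookup per packet in both cases. The ARP counter is the same under either forwarding model: the first sweep across the connected /24 costs 254 ARP requests, 224 of them for addresses that never answer.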
