[Update] Re: New ISP to market, BCP 38, and new tactics

Nathan Ward nanog at daork.net
Fri Feb 6 19:39:39 CST 2009


On 7/02/2009, at 5:20 AM, Brad Fleming wrote:

> On Feb 4, 2009, at 2:52 AM, Steve Bertrand wrote:
>>>>>
>>
>> http://tools.ietf.org/html/draft-kumari-blackhole-urpf-02
>>
>
> If I understand this correctly, there will be a route entered on  
> each edge router for all sources that are participating in a DDoS  
> attack. Is anyone worried about TCAM usage if one of their customers  
> gets hit with a larger DDoS attack? Add in our IPv6 and V4 multicast  
> tables chewing up more TCAM space and things get even more dicy!
>
> For my part, I'd be worried if the overall IPv4 unicast route table  
> got much larger than ~1million entries because our hardware-based  
> routers might run out of TCAM and bring the whole network to a  
> screeching halt.


Or more than 256k routes on a SUP2, or 192k/239K routes on a SUP720.

We are at 285798 as of last CIDR report.

So, I guess you should be worried.. now :-)

--
Nathan Ward





More information about the NANOG mailing list