[Update] Re: New ISP to market, BCP 38, and new tactics
nanog at daork.net
Fri Feb 6 19:39:39 CST 2009
On 7/02/2009, at 5:20 AM, Brad Fleming wrote:
> On Feb 4, 2009, at 2:52 AM, Steve Bertrand wrote:
> If I understand this correctly, there will be a route entered on
> each edge router for all sources that are participating in a DDoS
> attack. Is anyone worried about TCAM usage if one of their customers
> gets hit with a larger DDoS attack? Add in our IPv6 and V4 multicast
> tables chewing up more TCAM space and things get even more dicy!
> For my part, I'd be worried if the overall IPv4 unicast route table
> got much larger than ~1million entries because our hardware-based
> routers might run out of TCAM and bring the whole network to a
> screeching halt.
Or more than 256k routes on a SUP2, or 192k/239K routes on a SUP720.
We are at 285798 as of last CIDR report.
So, I guess you should be worried.. now :-)
More information about the NANOG