vyatta for bgp

Owen DeLong owen at delong.com
Mon Sep 12 19:45:18 UTC 2011


On Sep 12, 2011, at 12:35 PM, Nick Hilliard wrote:

> On 12/09/2011 20:08, Michael K. Smith - Adhost wrote:
>> How do you come to this conclusion?  I think a software-based router for
>> enterprise level (let's say on the 1G per provider level) can handle a
>> fair amount of zorching.
> 
> By "a fair amount", I presume you mean "barely any"?
> 
> At large packet sizes, an "enterprise level" router will just about handle
> a 1G DoS attack.  Thing is, bandwidth DoS / DDoS is sufficiently easy to
> pull off on a large scale that a 1G DoS is pretty easy.
> 
> Incidentally, most service providers use "enterprise level" as a by-word
> for mediocre quality kit, lacking in both stability and useful features.
> 
> Nick

In your typical enterprise environment, a 1G DoS will zorch the link long
before it zorches the router at the enterprise side.

I agree that software-based routers are not a good choice for a backbone
provider, but, for an enterprise that is dealing with <1gbps links coming
in from ≤3 providers, the difference in cost makes a software router an
attractive option in many cases.

Of course it is important to understand the limitations of the solution you
choose, but, in such an environment, a USD100,000+ ASIC-based router
may be like trying to kill a mosquito with a sledgehammer.

Owen
