nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos

Saku Ytti saku at ytti.fi
Sat Oct 1 10:43:16 UTC 2016


On 1 October 2016 at 10:03, Pedro <piotr.1234 at interia.pl> wrote:
> We had situations, that we lost all our bgp sessions, not even only on ports
> where flood was coming. Just cpu overloaded. I don't care about support too
> much, there are cheap enough to have spare.

What is the device you're trying to protect? Perhaps it supports
reasonable CoPP features so that you can protect it directly on
itself. To do this CoPP on neighbouring switch, you'll need unique
policer for each and every BGP session and ARP, your switch may not
support this and it is provisioning nightmare.

-- 
  ++ytti


More information about the NANOG mailing list