A 7513 with an RSP2 (100Mhz MIPS R4700) can process switch around 3500 packets/sec, by my unofficial testing. People at cisco may respond negatively to my post, but I'll refer them to two cases I opened with TAC, neither of which were able to raise the ceiling on how many packets can be process switched. Cisco configuration is aimed towards fast-switching as many packets as possible. The same box can probably fast switch a couple of hundered thousand packets/sec or more (I have no idea, I just know it's a lot) but if you force the box to process switch, YOU WILL KILL IT. It will start dropping bgp sessions, etc etc, and you're toast. One way to force a cisco to process switch is by sending it packets that match an ACL deny.... and this latest round of 'smurfing' will send tens of thousands of packets/sec through your router.. so access-list filtering is worse than useless, it is destructive, when combating DoS attacks. hence the idea of using policy-routing to filter the smurf-attacks. realize here that doubling (or tripling, or quadrupling) the CPU power of the cisco will not help. Upgrading from an rsp2 to an rsp4 would buy you about 3 times 3.5Kpps, say around 10Kpps, process switched. That's still hardly enough to save you when you're being smurfed. Ed -- On Wed, Aug 13, 1997 at 02:27:43PM -0500, Jon Green said:
I'm not from a Cisco background, so forgive me, but.. What a strange way to configure a router. You have to configure it in a non-intuitive way because the intuitive way will blow up the router? I guess we should be thankful that IOS lets us get around hardware limitations of the box, but someone should really teach Cisco a concept called "SMP". Just an observation..
-Jon