You're forgetting a key point... an as5300 or a MAX is not a generic box. They're well supported (toungue in cheek) boxes. But how about other boxes from less established vendors.. The ones that barely know how to do do PPP, much less packet filtering. These are going to be a constant problem. Some of these will never care about this stuff and others will end up being put in use before they get this stuff and never get upgraded.
Funny. On an as5300 with compression turned on, and 96 56K users dialed up and active, I've never seen the CPU load go above 15%
On Wed, 9 Feb 2000, Dan Hollis wrote:
| | On Wed, 9 Feb 2000, Daniel Senie wrote: | > Dialup pools should also be protected. No sense in permitting problems | > to originate on a dialup modem or ISDN line. I know the Lucent/Ascend | > MAX product accepts an attribute Ascend-Source-IP-Check, which can be | > applied as a part of the RADIUS authentication. Have the large dialup | > wholesalers implemented this? | | When I asked a couple dialup wholesalers this question point blank last | year, the answer was no - because their routers/term servers didn't have | enough CPU to do filtering. | | -Dan | | |
--- Gates' Law: Every 18 months, the speed of software halves.
---------------------------------------------------------------------- Wayne Bouchard [Immagine Your ] web@typo.org [Company Name Here] Network Engineer ----------------------------------------------------------------------