On Sat, 17 Sep 2005, tony sarendal wrote:
>> ... until you get an inbound ddos over that shiny gige at 1.44 Mpps. in today's world, planning for normal circumstances is woefully insufficient, you have to spec based on worst case numbers because you're almost guaranteed they will hit your network upside the head in the future.
>
> If I have a GE link and get DDOS'ed at 1.44Mpps I'm on the wrong side of the bottleneck to do much about it, am I not?

The difference is with a software based router that melts under DDoS traffic, the CLI may become unusable and it may be dropping so many packets, that if you're on the outside, you can't get in to manage it or anything else on the network. With a hardware based router that can handle one or more orders of magnitude more PPS than a DDoS generates, the CLI keeps working as if nothing's wrong, and if you happen to be on the outside trying to get in to manage things, you may suffer a little packet loss if your transit pipes are full, but nothing compared to the first case.

----------------------------------------------------------------------
 Jon Lewis                   |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________