Routing. We can route that. If it were targeting the box itself it would depend if the attack were getting through. Certainly iptables can't handle something like that but pf does well with high PPS rates. If it were all 'DROP' traffic then likely higher. If it were hitting the box directly and getting past the firewall, yes it would be substantially lower. We were talking about routing though.

------Original Message------
From: Dobbins, Roland
To: NANOG list
Subject: Re: Vyatta as a BRAS
Sent: Jul 13, 2010 12:56 PM

On Jul 14, 2010, at 12:39 AM, <khatfield@socllc.net> <khatfield@socllc.net> wrote:

> I haven't done real world testing with Vyatta but we consistently pass 750KPPS+ without the slightest hiccup on our FreeBSD routing systems.

750kpps packeting the box itself? Also, note that kpps is a small amount of traffic, compared to what even very small botnets can dish out.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>

Injustice is relatively easy to bear; what stings is justice.

-- H.L. Mencken

On Jul 14, 2010, at 1:29 AM, <khatfield@socllc.net> wrote:

> We were talking about routing though.

I was talking about packeting the boxes directly, apologies for being unclear - that's what I meant when I said that the era of software-based edge boxes is long past.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>

Injustice is relatively easy to bear; what stings is justice.

-- H.L. Mencken