Re: bandwidth for bkbits.net (good news)

From: Henning Schmiedehausen
Date: Fri Sep 05 2003 - 10:40:51 EST

Next message: Paul Fulghum: "[PATCH] 2.6.0-test4 synclink_cs.c"
Previous message: Mehmet Ceyran: "RE: nasm over gas?"
In reply to: Florian Weimer: "Re: bandwidth for bkbits.net (good news)"
Next in thread: Florian Weimer: "Re: bandwidth for bkbits.net (good news)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 2003-09-05 at 10:10, Florian Weimer wrote:

> > You need a shaper connected to the ISP backbone which shapes the
> > outgoing traffic for you and a border router which talks to the T1
> > (C17xx or C26xx). Normally, if your ISP has some sort of clue, you
> > will also need a bastion router which can handle backbone <-> 100 MBit
> > traffic and does dynamic routing updates (EGP or OSPF) to the ISP
> > backbone (A C26xx or C37xx).
>
> C37xx can handle a maximum load of 225 kpps (data sheet number,
> i.e. this value cannot be exceeded even under most favorable
> conditions), the others handle even less. Such routers are of no help
> during a DoS attack.
>
> Yes, I snipped the DoS context, and your approach would work in a
> benign environment. 8-)

225kpps * 64 Bytes (minimum packet len) = 13,7 MBytes / sec

100 MBit / 8 bit = 12,5 MBytes / sec

So, IMHO even with a small packet saturated 100 MBit link you won't
reach 225kpps. AFAIK this was Ciscos intention to publish this number.
It basically says "you will have filled your link before you fill our
router".

I'm pretty sure that your 37xx won't do any routing updates anymore at
this point. And if you do _anything_ that forces the packets down the
slow path from the routing engine, you're toast anyway.

But I'm pretty sure that a C37xx would handle full 100 MBit traffic to a
busy website without any problems. In fact, I know that it does. ;-) (We
did switch to a C12000 shortly after, mainly because we went Gigabit).

Regards
Henning

--
Dipl.-Inf. (Univ.) Henning P. Schmiedehausen INTERMETA GmbH
hps@xxxxxxxxxxxx +49 9131 50 654 0 http://www.intermeta.de/

Java, perl, Solaris, Linux, xSP Consulting, Web Services
freelance consultant -- Jakarta Turbine Development -- hero for hire

"Dominate!! Dominate!! Eat your young and aggregate! I have grotty silicon!"
-- AOL CD when played backwards (User Friendly - 200-10-15)

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Paul Fulghum: "[PATCH] 2.6.0-test4 synclink_cs.c"
Previous message: Mehmet Ceyran: "RE: nasm over gas?"
In reply to: Florian Weimer: "Re: bandwidth for bkbits.net (good news)"
Next in thread: Florian Weimer: "Re: bandwidth for bkbits.net (good news)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]