On Fri, 2003-09-05 at 10:10, Florian Weimer wrote:
> > You need a shaper connected to the ISP backbone which shapes the
> > outgoing traffic for you and a border router which talks to the T1
> > (C17xx or C26xx). Normally, if your ISP has some sort of clue, you
> > will also need a bastion router which can handle backbone <-> 100 MBit
> > traffic and does dynamic routing updates (EGP or OSPF) to the ISP
> > backbone (a C26xx or C37xx).
>
> C37xx can handle a maximum load of 225 kpps (data sheet number,
> i.e. this value cannot be exceeded even under most favorable
> conditions), the others handle even less. Such routers are of no help
> during a DoS attack.
>
> Yes, I snipped the DoS context, and your approach would work in a
> benign environment. 8-)

225kpps * 64 Bytes (minimum packet len) = 13,7 MBytes / sec
100 MBit / 8 bit = 12,5 MBytes / sec
So, IMHO even with a small packet saturated 100 MBit link you won't
reach 225kpps. AFAIK this was Cisco's intention to publish this number.
It basically says "you will have filled your link before you fill our
router".