nanog mailing list archives
Re: Nachi/Welchia Aftermath
From: "Stephen J. Wilcox" <steve () telecomplete co uk>
Date: Wed, 21 Jan 2004 02:10:36 +0000 (GMT)
On Tue, 20 Jan 2004, Rubens Kuhl Jr. wrote:
Flow-based: Foundry with IronCore modules, Cisco Catalyst 6500 withSup1(A)Prefix-based: Foundry with JetCore modules, Cisco Catalyst 6500/7600withSup2(A), Sup3(A/BXL)Where do the Extreme and Juniper fit into this?Private and public answers to my question indicate that both Summit 48i and Black Diamond from Extreme are flow-based; Juniper doesn't make layer 3 switches, but their routers also do prefix-based forwarding; Cisco routers also do prefix-based forwarding at usual configurations. Also of notice, flow-based forwarding is not the only thing that makes a L3 device suffer at worm attacks. If a directly connected interface is an Ethernet (or any other medium that is not point to point), ARPing for a lot of new addresses per second can also do harm.
Nearly. Any frames needing to go to the CPU will harm your box.. this tends to be L2 occurances (arp storms is one ) which therefore means connected ethernets. DoSing (L3 IP eg smurf) a router will usually hurt and if you can manage it higher level applications (announce/withdraw 1000s routes in BGP, fill up NAT tables). Of course your architectures differ so ymmv. Steve
Rubens----- Original Message ----- From: <haesu () towardex com> To: "Brent Van Dussen" <vandusb () attens com> Cc: "NANOG" <nanog () merit edu> Sent: Tuesday, January 20, 2004 9:46 PM Subject: Re: Nachi/Welchia Aftermathlesson learned: stop using /makeshift/ layer3 switches (without naming vendor) to run L3 core
Current thread:
- Re: Nachi/Welchia Aftermath, (continued)
- Re: Nachi/Welchia Aftermath haesu (Jan 20)
- Re: Nachi/Welchia Aftermath Rubens Kuhl Jr. (Jan 20)
- Re: Nachi/Welchia Aftermath haesu (Jan 20)
- Re: Nachi/Welchia Aftermath Paul Vixie (Jan 20)
- Re: Nachi/Welchia Aftermath haesu (Jan 21)
- Re: Nachi/Welchia Aftermath Richard A Steenbergen (Jan 21)
- Re: Nachi/Welchia Aftermath Paul Vixie (Jan 21)
- Re: Nachi/Welchia Aftermath haesu (Jan 21)
- Re: Nachi/Welchia Aftermath Rubens Kuhl Jr. (Jan 20)
- Re: Nachi/Welchia Aftermath haesu (Jan 20)
- Re: Nachi/Welchia Aftermath Donovan Hill (Jan 20)
- Re: Nachi/Welchia Aftermath Rubens Kuhl Jr. (Jan 20)
- Re: Nachi/Welchia Aftermath Stephen J. Wilcox (Jan 20)
- Re: Nachi/Welchia Aftermath Mikael Abrahamsson (Jan 21)
- Re: Nachi/Welchia Aftermath Donovan Hill (Jan 21)
- Re: Nachi/Welchia Aftermath Tom (UnitedLayer) (Jan 21)
- Re: Nachi/Welchia Aftermath Mikael Abrahamsson (Jan 21)
- Re: Nachi/Welchia Aftermath Richard A Steenbergen (Jan 20)
- Re: Nachi/Welchia Aftermath Tom (UnitedLayer) (Jan 20)
- Re: Nachi/Welchia Aftermath John Lyons (Jan 21)
- Re: Nachi/Welchia Aftermath Rafi Sadowsky (Jan 21)
- Re: Nachi/Welchia Aftermath sthaug (Jan 21)
- Re: Nachi/Welchia Aftermath Rubens Kuhl Jr. (Jan 21)