North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
RE: [long] Re: DDoS: CAR vs TCP-Intercept vs NetFlow
- From: Paul Ferguson
- Date: Mon Feb 28 22:36:37 2000
At 12:06 AM 02/29/2000 -0300, Rubens Kuhl Jr. wrote:
Thanks for the long answer, but this question was actually on how the router
performance impact of CAR or TCP-Intercept changes between using CEF
switching (ip route-cache cef, default) and CEF-Flow switching (ip
route-cache cef + ip-route cache flow). Although NetFlow impacts router
performance a little, running CEF-Flow makes large access-list processing
faster than just running CEF; I think some other features (IPSec ?) also
have performance gains. I was wondering whether CAR and/or TCP-Intercept
would have better performance with CEF-Flow.
Again, forget about flow-switching in any context except for
tracing back attackers.
If you want the functionality to lower the threshold of DoS pain,
CEF is your baby.
This is an operational forum, yes? Where is the input from the
(current) operators?
- paul
ps. And they can both be used in conjunction with one another to
reach an end goal...
| 
