Home page logo
/

nanog logo nanog mailing list archives

feasability of stopping smurfs with cisco's CAR
From: Marko Bukvic <marko () pfmc net>
Date: Wed, 29 Apr 1998 17:29:17 -0400 (EDT)

Greetings,

cisco's new Committed Access Rate feature lets you do real QoS rate limiting (as opposed to traffic shaping) with 
access lists.
CAR could be implemented on either ingress/egress interfaces to limit bandwidth usage by ICMP to something safe like 
5MBits.
This would prevent an incoming ICMP flood from consuming your aggregation links, while it still might inconvenience a 
T1 customer.
If placed on the outgoing access-list it can prevent your network from originating unfriendly amounts of ICMP.
CAR can either discard or decrease the priority of the offending traffic.

A couple of questions:

I am unfamiliar with what tier 1 providers use as aggregation routers(routers their T3+ customers connect to). Due to 
CAR's
potentially CPU intensive nature (when dealing with access-list based traffic limiting compared to address based 
limiting), would
an "ICMP permit with exceed-action drop" filter constitute an unacceptable load on the CPU and memory of these routers?

If I only had 1 multi-megabit transit pipe, is it reasonable(in the future) of me to ask/require my upstream provider 
to protect
my pipe from being wasted by large amounts of ICMP? If I only put it on my side, the pipe still gets wasted. 

Are there any other vendors who offer a similar feature without the use of ATM? 

Thank you.

Marko



  By Date           By Thread  

Current thread:
  • feasability of stopping smurfs with cisco's CAR Marko Bukvic (Apr 29)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]