Jamal Hadi <hadi@shell.cyberus.ca> writes:

> Typically, real world is less intense than the lab. Ex: no one sends
> 100Mbps at 64 byte packet size.

Unfortunately, compromised hosts do send such traffic, and DoS victims receive it. 8-( You don't want your core routers to break down just because a couple of the 150,000 hosts in your regional network have been compromised (think of Slammer) or you are running an IRC server.

> Have you seen how the big boys advertise?

Typical GSR linecards for OC-48 are specified to handle 2 Mpps, but the switch fabric is reportedly somewhat inert and the router might choke before that if there are too many linecards involved (I haven't observed this personally, this is just chatter from someone who works daily with those beasts). A couple of hundred kpps aren't a problem for those routers, though, as are 300 Mbit (or was it 400?) of Slammer traffic (with random destination addresses).

In general, the forwarding performance is nowadays specified in pps and even flows per second if you look carefully at the data sheets. Most vendors have learnt that people want routers with comforting worst-case behavior. However, you have to read carefully, e.g. a Catalyst 6500 with Supervisor Engine 1 (instead of 2) can only create 650,000 flows per second, even if it has a much, much higher peak IP forwarding rate.

(The times of routers which died when confronted with a rapid ICMP sweep across a /16 are gone for good, I hope.)