Re: bandwidth for bkbits.net (good news)

From: Florian Weimer
Date: Fri Sep 05 2003 - 10:52:58 EST

Next message: Lorenzo Allegrucci: "[OOPS] 2.6.0-test4 CONFIG_PREEMPT=y"
Previous message: Steven Cole: "Re: 2.6.0-test4-mm6"
In reply to: Henning Schmiedehausen: "Re: bandwidth for bkbits.net (good news)"
Next in thread: P: "Re: bandwidth for bkbits.net (good news)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Henning Schmiedehausen <hps@xxxxxxxxxxxx> writes:

>> Yes, I snipped the DoS context, and your approach would work in a
>> benign environment. 8-)
>
> 225kpps * 64 Bytes (minimum packet len) = 13,7 MBytes / sec
>
> 100 MBit / 8 bit = 12,5 MBytes / sec
>
> So, IMHO even with a small packet saturated 100 MBit link you won't
> reach 225kpps. AFAIK this was Ciscos intention to publish this number.
> It basically says "you will have filled your link before you fill our
> router".

Cisco sells Gigabit Ethernet linecards for this router, and the
situation is quite different in this case. And with most attacks,
it's a futile exercise to try to combat them on a Fast Ethernet link,
anyway. 8-(

> But I'm pretty sure that a C37xx would handle full 100 MBit traffic to a
> busy website without any problems. In fact, I know that it does. ;-) (We
> did switch to a C12000 shortly after, mainly because we went Gigabit).

Of course it does. After all, web traffic is somewhat different from
pure DoS traffic. 8-)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Lorenzo Allegrucci: "[OOPS] 2.6.0-test4 CONFIG_PREEMPT=y"
Previous message: Steven Cole: "Re: 2.6.0-test4-mm6"
In reply to: Henning Schmiedehausen: "Re: bandwidth for bkbits.net (good news)"
Next in thread: P: "Re: bandwidth for bkbits.net (good news)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]