Routing. We can route that. If it were targeting the box itself it would depend if the attack were getting through.
Certainly iptables can't handle something like that but pf does well with high PPS rates. If it were all 'DROP' traffic then likely higher. If it were hitting the box directly and getting past the firewall, yes it would be substantially lower. We were talking about routing though. ------Original Message------ From: Dobbins, Roland To: NANOG list Subject: Re: Vyatta as a BRAS Sent: Jul 13, 2010 12:56 PM On Jul 14, 2010, at 12:39 AM, <[email protected]> <[email protected]> wrote: > I haven't done real world testing with Vyatta but we consistently pass > 750KPPS+ without the slightest hiccup on our FreeBSD routing systems. 750kpps packeting the box itself? Also, note that kpps is a small amount of traffic, compared to what even very small botnets can dish out. ----------------------------------------------------------------------- Roland Dobbins <[email protected]> // <http://www.arbornetworks.com> Injustice is relatively easy to bear; what stings is justice. -- H.L. Mencken
