Juniper QFX10000 (including 100002) supports ~64k ACL entries + FlowSpec

-- Tim

On Tue, Nov 6, 2018 at 1:49 PM Mike Hammett <na...@ics-il.net> wrote:

> The intent is to see if I can construct a poor man's DDOS scrubber. There
> are low cost systems out there for the detection, but they just trigger
> something else to do the work. Obviously there is black hole routing, but
> I'm looking for something with a bit more finesse.
>
> If I need to get a switch anyway, might as well try to take advantage of
> it for other uses.
>
> -----
> Mike Hammett
> Intelligent Computing Solutions
> Midwest Internet Exchange
> The Brothers WISP
>
> ----- Original Message -----
> From: Lotia, Pratik M <pratik.lo...@charter.com>
> To: Mike Hammett <na...@ics-il.net>, 'nanog list' <nanog@nanog.org>
> Sent: Tue, 06 Nov 2018 12:29:15 -0600 (CST)
> Subject: Re: Switch with high ACL capacity
>
> Mike,
>
> Can you shed some light on the use case? Looks like you are confusing ACLs
> and BGP Flowspec. ACLs and Flowspec rules are similar in some ways but they
> have a different use case. ACLs cannot be configured using Flowspec
> announcements. Flowspec can be loosely explained as 'Routing based on L4
> rules' (there's a lot more to it than just L4). I doubt if there is a
> switch which can hold a large number of Flowspec entries.
>
> ~Pratik Lotia
> “Improvement begins with I.”
>
> On 11/6/18, 10:39, "NANOG on behalf of Mike Hammett" <
> nanog-boun...@nanog.org on behalf of na...@ics-il.net> wrote:
>
> I am looking for recommendations as to a 10G or 40G switch that has
> the ability to hold a large number of entries in ACLs.
>
> Preferred if I can get them there via the BGP flow spec, but some sort
> of API or even just brute force on the console would be good enough.
>
> Used or even end of life is fine.
>
> -----
> Mike Hammett
> Intelligent Computing Solutions
> Midwest Internet Exchange
> The Brothers WISP