Michele Marazza wrote:
Joining with what Pascal says, yes, you can "wash" traffic when you have
some Mbps, not if you have 1Gbps.. (this fill anyway your links before
the washing machine which, I suppose, is somewhere central located if
you have many border routers).
Well, it depends on the approach you take for the "washing" equipment
deployment. If you take a regional approach (f.e. close to/at your key
peering/transit points) you should be able to cope with 1Gb/s (or even
more) with the RH/Cisco Guard. The only hard limit is the pipe size and
the spare bandwidth that is available to/from the other SP: at some point
the propagated community based blackhole is the only option.
Have a look at this presentation/paper:
http://www.securite.org/presentations/ripe46/COLT-RIPE46-NF-MPLS-TrafficShunt-v1.ppt
http://ipmon.sprint.com/pubs_trs/trs/RR04-ATL-013177.pdf
Usually PPS become an issue before Mb/s depending on the HW you have on
the path to the washing machine.
Nico.
--
Nicolas FISCHBACH ([EMAIL PROTECTED]) <http://www.securite.org/nico/>
Senior Manager - IP Engineering/Security - COLT Telecom
Securite.Org Team - http://www.securite.org/
_______________________________________________
swinog mailing list
[EMAIL PROTECTED]
http://lists.init7.net/cgi-bin/mailman/listinfo/swinog
