[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos

Subject: nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos
From: saku at ytti.fi (Saku Ytti)
Date: Sat, 1 Oct 2016 13:43:16 +0300
In-reply-to: <[email protected]>
References: <[email protected]> <CAAeewD_1TnVonfgXkurDy=uun9mP66j6QzV=hm8Cm+c=pWj4-w@mail.gmail.com> <CAJWk1pTkkFaDf6y=jibd76Fyudep3J7CtWivkuiy1d3CR-3Z+Q@mail.gmail.com> <[email protected]>

On 1 October 2016 at 10:03, Pedro <piotr.1234 at interia.pl> wrote:
> We had situations, that we lost all our bgp sessions, not even only on ports
> where flood was coming. Just cpu overloaded. I don't care about support too
> much, there are cheap enough to have spare.

What is the device you're trying to protect? Perhaps it supports
reasonable CoPP features so that you can protect it directly on
itself. To do this CoPP on neighbouring switch, you'll need unique
policer for each and every BGP session and ARP, your switch may not
support this and it is provisioning nightmare.

-- 
  ++ytti

References:
- nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos
  - From: piotr.1234 at interia.pl (Pedro)

Prev by Date: nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos
Next by Date: Root Zone DNSSEC Operational Update -- ZSK length change
Previous by thread: nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos
Next by thread: nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos
Index(es):
- Date
- Thread