On Thu, Nov 13, 2003 at 01:54:33PM +0100, Anders Lowinger wrote: > >It only takes x num. of kpps with diverse destinations to knock off a > >router running flow based caching. > > Yep, that is true and its hard to work around. > > >Extreme switches use flow based caching (called ipfdb) and any DoS > >attack that uses diverse destinations will kill it pretty quickly.. > > Cisco's newer stuff does the flow-cache independent of the forwarding, > i.e. the flow is more of an accounting cache.
With CEF enabled, the flow cache (NetFlow) is only for accounting etc. purposes, and is not involved in forwarding. /Jesper -- Jesper Skriver, jesper(at)skriver(dot)dk - CCIE #5456 One Unix to rule them all, One Resolver to find them, One IP to bring them all and in the zone to bind them. _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
