On Sep 12, 2011, at 12:35 PM, Nick Hilliard wrote:

> On 12/09/2011 20:08, Michael K. Smith - Adhost wrote:
>> How do you come to this conclusion? I think a software-based router for
>> enterprise level (let's say on the 1G per provider level) can handle a
>> fair amount of zorching.
>
> I presume by "a fair amount", I presume you mean "barely any"?
>
> At large packet sizes, an "enterprise level" router will just about handle
> a 1G DoS attack. Thing is, bandwidth DoS / DDoS is sufficiently easy to
> pull off on a large scale that a 1G DoS is pretty easy.
>
> Incidentally, most service providers use "enterprise level" as a by-word
> for mediocre quality kit, lacking in both stability and useful features.
>
> Nick

In your typical enterprise environment, a 1G DoS will zorch the link long before it zorches the router at the enterprise side. I agree that software-based routers are not a good choice for a backbone provider, but, for an enterprise that is dealing with <1gbps links coming in from ≤3 providers, the difference in cost makes a software router an attractive option in many cases. Of course it is important to understand the limitations of the solution you choose, but, in such an environment, a USD100,000+ ASIC-based router may be like trying to kill a mosquito with a sledge hammer.

Owen