Re: [spoofing-tf] Preparing for anti-spoofing project at $fooBig carrier
To: "Gert Doering" gert@localhost
From: "Martin Hannigan" hannigan@localhost
Date: Tue, 17 Oct 2006 07:34:53 -0400
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=Ajc/vTZQx9ZcWbTW8B0nzk11U2yJsiPRvX5USfL1Buoa+GYmrBD5CkmwwcsLZ1gX7GD1NUCbEFTW6sbhOzZnj4E9hl+OHDMlnFKRE/jbix8vFenV4V5CWix2UTQi/ywK2SRF7OkPy+m8h2RgF6OyJ0q4fadb1X4JFYgQceF7QDI=
On 10/17/06, Gert Doering gert@localhost wrote:
> At the edge, I'm deploying 6709's with 1gb uplinks. The future is
> obviously 10gb, which these boxes will likely deliver in their 3 to 5
> year life expectancy.
> 1. What should I expect performance wise? Im running big iron, but Im more
> concerned with my legacy little iron, ie 7500 series with 512MB RAM, etc.
... specifically, 650x/760x with Sup720 and activated "uRPF" filtering
will do all the filtering in hardware, with no noticeable impact on
For "legacy little iron", it depends on how loaded the box really is. uRPF
is done using the CEF structures (not with ACLs), so it's "fairly cheap",
but it *will* cause extra work for RSP or VIPs - and if you're already
at 95% CPU load, this might be too much. (But then you should upgrade
I'm going to start with my legacy little iron Wed of next
week. I'm going to take b/w, cpu, and mem. That should be good enough
for the notebook/FAQ as "result".
I should report back sometime then. Thanks.