tcp hostcache and ip fastforward for review
Jesper Skriver
jesper at FreeBSD.org
Thu Nov 13 14:33:53 PST 2003
On Thu, Nov 13, 2003 at 01:54:33PM +0100, Anders Lowinger wrote:
> >It only takes x num. of kpps with diverse destinations to knock off a
> >router running flow based caching.
>
> Yep, that is true and it's hard to work around.
>
> >Extreme switches use flow based caching (called ipfdb) and any DoS
> >attack that uses diverse destinations will kill it pretty quickly..
>
> Cisco's newer stuff does the flow-cache independent of the forwarding,
> i.e. the flow is more of an accounting cache.
With CEF enabled, the flow cache (NetFlow) is only for accounting etc.
purposes, and is not involved in forwarding.
/Jesper
--
Jesper Skriver, jesper(at)skriver(dot)dk - CCIE #5456
One Unix to rule them all, One Resolver to find them,
One IP to bring them all and in the zone to bind them.
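
The difference discussed in this thread, as an added example that is not part of the original message and is not Cisco's or Extreme's implementation: a simplified model in which the same bounded cache sits either in the forwarding path or beside it as an accounting table. The routing table, traffic generator, cache capacity and all function names are assumptions made for illustration.

```python
import ipaddress
from collections import OrderedDict

# Constructed routing table: a default route plus two documentation prefixes.
ROUTES = {ipaddress.ip_network(p): nh for p, nh in [
    ("0.0.0.0/0", "if0"), ("198.51.100.0/24", "if1"), ("203.0.113.0/24", "if2")]}

def route_lookup(dst):
    """Longest-prefix match against the routing table."""
    return ROUTES[max((n for n in ROUTES if dst in n), key=lambda n: n.prefixlen)]

class FlowCache:
    """Bounded LRU cache keyed by destination address."""
    def __init__(self, capacity):
        self.capacity, self.entries, self.misses = capacity, OrderedDict(), 0

    def get_or_create(self, dst, make):
        if dst in self.entries:
            self.entries.move_to_end(dst)
            return self.entries[dst]
        self.misses += 1                        # new entry has to be built
        value = self.entries[dst] = make(dst)
        if len(self.entries) > self.capacity:
            self.entries.popitem(last=False)    # evict the least recently used
        return value

def traffic(n_packets, n_destinations):
    """Constructed traffic: packets spread round-robin over n_destinations addresses."""
    base = int(ipaddress.ip_address("10.0.0.0"))
    return [ipaddress.ip_address(base + i % n_destinations) for i in range(n_packets)]

def flow_cached_forwarding(packets, capacity):
    """Model A: the cache is in the forwarding path, so a miss is a slow-path lookup."""
    cache = FlowCache(capacity)
    for dst in packets:
        cache.get_or_create(dst, route_lookup)
    return cache.misses / len(packets)          # fraction of packets on the slow path

def fib_forwarding_with_accounting(packets, capacity):
    """Model B: forward from the prefix table; the cache only counts packets."""
    cache, forwarded = FlowCache(capacity), 0
    for dst in packets:
        forwarded += route_lookup(dst) is not None   # never consults the cache
        cache.get_or_create(dst, lambda d: [0])[0] += 1
    return forwarded, cache.misses              # cache churn costs accounting only

if __name__ == "__main__":
    print(flow_cached_forwarding(traffic(5000, 50), 1000))      # few destinations
    print(flow_cached_forwarding(traffic(5000, 5000), 1000))    # diverse destinations
    print(fib_forwarding_with_accounting(traffic(5000, 5000), 1000))
```

In model A the slow-path fraction tracks destination diversity; in model B the same churn only turns over accounting records while every packet is still forwarded from the prefix table.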