spare swamp space?

Steve,

I too have a similar setup for my network since we as well
run an Efnet irc server, however, CAR really won't do much if
you set it up inside your own network. The smurf will still enter
and saturate your pipes. The best thing to do is to have your upstreams
setup rate-limits on their side of your pipes so the feed coming into your
router is limited before it even hits your router.

Here is a question though, what kind of CPU drain does rate-limiting cause
on the CPU of the routers running it? I flipped through CCO and couldn't find
any information regarding this...

My limited experience is that if you run CEF on the interface concerned,
life is bearable. If you don't, it isn't. If you run < 11.1.17?? CA
where fast discards and routes to null0 were introduced, life is
disastrous.

Alex Bligh
GX Networks (formerly Xara Networks)

That's Odd, because with my experience with it, the destination (for example,
irc.lightning.net) gets the committed access rate you set, however, the pipes are
still flooded and connectivity to the outside world is poor to nil. You would still
have to agree that by having the upstream providors set the rate-limits is the safest
and most effective interim solution until something can be done permanently about
this oh so wonderful attack :slight_smile:

Alex Bligh wrote:

I've got it up on 3 7206s as global options (meaning it is automatically
introduced to all interfaces) and it dropped my CPU by 3 points.