* Roland Dobbins: > The issue with this software-based router won't be NetFlow; it'll be > throughput, as you indicated, along with resiliency to attack.
Not really, forwarding 200 to 300 Mbps of attack traffic (or more) is not a problem anymore. > The day of public-facing software-based routers is really over, from > an availability perspective. That's like saying that the day of links with less than 10 Gbps of capacity are over, from an availability perspective. And if your router fails to forward an outbound DoS attack, that's actually a good thing, isn't it? In most scenarios, it's also fairly easy to restrict its impact to a single customer. Curiously, that's a point where flow-based fowarding is superior to stateless forwarding. -- Florian Weimer <fwei...@bfk.de> BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99 _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp