4 edits | reply to Ignite
Re: Ellacoya Not likely to have 50k subscribers on a single CMTS unless it's *very* high density, a Cisco uBR 7246VXR fully loaded with MC16 cards will do you for maybe 6000 customers 6000 ports CMTSs are not the only box available on the market.
In the Cisco case you're talking about NBAR, which is expensive on CPU. Routers are primarily layer 2 and 3 devices, with ASIC / PIC based switching and routing engines.
Agree on application awareness for routers. But it can be done in diferent way. Regular CAM memory can support lookup for 128 bits keys, like IP destination, IP source, IP port, TOS, etc. There is no problem to drop IRC traffic (if we want to filter ALL packets out and this is what i ment), because port number and destination IP are both well known.
To say that routers are better at traffic shaping than a dedicated traffic management device which will have an ASIC or programmable IC tweaked for the sole purpose of deep packet inspection at wire speed is absurd.
i never said that router/forwarder is good in traffic shaping, but it IS good in dropping packets according to simple rule like if IP port=6776 drop the packet ALWAYS.
Just to be double certain, what you are talking about is suggesting users do a DDoS on their own ISP's equipment. You think the CMTS will be able to handle that amount of traffic?
You can call it DDoS if you wish, but the nature of the attack is different. There is no significant traffic involved - actually i suggest to cap the connections by 1K/s. My suggestions is to create multiple slow TCP connections. Talking about CMTS it can handle theoretical worst case traffic. I can not beleive that CSCO CMTS is not wirespeed. I will give look to the datasheet later.
On the upside it's impossible for a cable subscriber to generate a thousand packets a second as due to TDMA and DOCSIS timing restrictions a cable sub maxes at 160-170 packets a second upstream anyway.
No need to generate more than 160 packets/s. regular TCP connecton keepalive would be enough. see above.
»larytet.sourceforge.net/howto.shtml |
