DoS protection on the Catalyst

From: <robclav_at_gmail.com>
Date: Mon, 22 Mar 2010 10:01:29 +0000

Hi guys,
I was trying to figure out how to solve the following task:
"A couple of servers are under a SYN DoS attack. In order to mitigate this problem, limit new connections to 7000 per second. All the configuration must be done only using the Catalyst."

Well, at this point I try to use:
1.- storm-control, but this enforces a limit per traffic type (unicast, broadcast or multicast). I wish to limit just new connections.
2.- CAR via rate-limit, but I couldn't use it on the Catalyst, at least on the 3750.
3.- MQC, using an extended ACL to match any source to the servers' addresses and only TCP SYN packets. After this, I will create a class to match this ACL, and later a policy-map to do an action with the police statement.
The problem with this is that I suppose that any hit on the ACL should be counted as a packet at the police statement, but I'm not sure.

What do you think about my resolution using the 3rd way?
Many thanks,
Robclav
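As an added illustration of the third approach (this is not part of Robclav's post, nor a configuration taken from Cisco documentation), here is how the ACL, class-map, policy-map and police action fit together in IOS MQC syntax. The server addresses 10.0.0.10 and 10.0.0.11, the interface GigabitEthernet1/0/1, and the 64-byte SYN size used to turn 7000 packets per second into a bit rate are assumptions chosen for the example; the hardware policer on the 3750 family takes its rate in bits per second and needs `mls qos` enabled globally, which is why the conversion is needed at all.

```cisco
! Assumption: QoS must be turned on globally on the 3750 family or the
! service-policy below is never applied in hardware.
mls qos
!
! Match only TCP SYN packets addressed to the two servers (addresses assumed).
! Every packet that matches this ACL is a member of the class and is therefore
! counted against the policer's token bucket, one packet per hit.
ip access-list extended SYN-TO-SERVERS
 permit tcp any host 10.0.0.10 syn
 permit tcp any host 10.0.0.11 syn
!
class-map match-all SYN-TO-SERVERS
 match access-group name SYN-TO-SERVERS
!
! The task asks for 7000 new connections per second, but the platform polices
! in bits per second.  Assuming a 64-byte SYN:
!   7000 packets/s * 64 bytes * 8 bits = 3,584,000 bit/s
! The burst (64000 bytes, assumed) is the token-bucket depth; SYNs above the
! rate are dropped rather than remarked.
policy-map LIMIT-SYN
 class SYN-TO-SERVERS
  police 3584000 64000 exceed-action drop
!
! Apply inbound on the port facing the attack sources (interface name assumed).
interface GigabitEthernet1/0/1
 service-policy input LIMIT-SYN
```

Two things a practitioner would check after applying this: first, the packets-per-second figure is only as accurate as the assumed SYN size, so SYNs carrying TCP options (which are larger) will be admitted at a somewhat lower connection rate than 7000 per second; second, on this platform the policer counters are easier to read from `show mls qos interface GigabitEthernet1/0/1 statistics` than from `show policy-map interface`, so confirm there that the drop counter climbs during the attack and stays at zero under normal load.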

Blogs and organic groups at http://www.ccie.net
Received on Mon Mar 22 2010 - 10:01:29 ART

This archive was generated by hypermail 2.2.0 : Thu Apr 01 2010 - 07:26:35 ART