[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Cheap LSN/CGN/NAT444 Solution

Subject: Cheap LSN/CGN/NAT444 Solution
From: simon at per.reau.lt (Simon Perreault)
Date: Mon, 30 Jun 2014 08:42:15 -0400
In-reply-to: <[email protected]>
References: <CAEUfUGPNj4t9nntSSu8nrHns4KiMearDuUhygs2pXcpJ9pg-FA@mail.gmail.com> <[email protected]> <[email protected]> <[email protected]> <[email protected]>

Le 2014-06-30 06:12, Roland Dobbins a Ã©crit :
>> what is needed however is session timeouts.
> This can help, but it isn't a solution to the botted/abusive machine problem.  They'll just keep right on pumping out packets and establishing new sessions, 'crowding out' legitimate users and filling up the state-table, maxing the CPU.  Embryonic connection limits and all that stuff aren't enough, either.

Why? Cause that (per-subscriber limits on ports and memory) is exactly 
what we recommend in RFC 6888...

Simon

Follow-Ups:
- Cheap LSN/CGN/NAT444 Solution
  - From: rdobbins at arbor.net (Roland Dobbins)

References:
- Cheap LSN/CGN/NAT444 Solution
  - From: skeeve+nanog at eintellegonetworks.com (Skeeve Stevens)
- Cheap LSN/CGN/NAT444 Solution
  - From: rdrake at direcpath.com (Robert Drake)
- Cheap LSN/CGN/NAT444 Solution
  - From: rdobbins at arbor.net (Roland Dobbins)
- Cheap LSN/CGN/NAT444 Solution
  - From: tony at wicks.co.nz (Tony Wicks)
- Cheap LSN/CGN/NAT444 Solution
  - From: rdobbins at arbor.net (Roland Dobbins)

Prev by Date: Cheap LSN/CGN/NAT444 Solution
Next by Date: Cheap LSN/CGN/NAT444 Solution
Previous by thread: Cheap LSN/CGN/NAT444 Solution
Next by thread: Cheap LSN/CGN/NAT444 Solution
Index(es):
- Date
- Thread