Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
390
Views
5
Helpful
1
Replies

Traffic from Routing Protocol

kevin.hu
Level 3
Level 3

‎01-10-2007 09:45 AM - edited ‎03-03-2019 03:19 PM

Hi,

I am just wondering if a DOS attack saturates a link, does a routing protocol keepalive/Hello packet still have the highest priority to be sent out the link by default or do I have to set up some kind of QOS to prevent this from happening? I remember from somewhere that traffic generates from the router has the highest priority by default. Can someone show me a documentation? Thank you!

Labels:
0 Helpful
1 Reply 1

kamal-learn
Level 4
Level 4

‎01-10-2007 11:27 AM

hi

yes indeed QOS is one of the solutions that mitigate DOS or distributed DOS attacks if used correctly i.e all control protocols including hellos.. have an ip precedence of 6 or 7 so if you assign other traffics those ip precende you may run into some issues since the control protocols will have the same priority in treatement as that traffic with 6 or 7.

also if you configure qos this control protocols will have 25 percent of the available bandwidth by default UNLESS YOU TOuch the command max-reserved-bandwidth.

but qos only is not sufficient ie if a hacker send tousands or handreds of thousand of fragmented packet that will eat up all your CPU so you end up with crashed router, same if some send a lot of half open tcp session , or half open udp that will eat up your memory..

so qos with other tools can help mitigate that kind of attacks but still DOS attack remains one the most difficult to eliminate totaly. other tools are specialized devices IPS IDS PIX ASA...

HTH

do rate if it helps

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card