Create a Post
Showing results for 
Search instead for 
Did you mean: 

DOS rate limiting real life performance

Just wanted to hear from those who have deployed DOS rate limiting option (How to configure Rate Limiting rules for DoS Mitigation (R80.20 and higher) )

I realise that FWs are not really DDOS appliances and are not there to prevent such attacks but it would be interesting to hear if you have worked and seen CP DOS rate limiter in action!

We had some "real life tests" recently on 23800. That was proper UDP volume attack in attempt to fill the internet pipe. 

We have 16 SXL cores (HT), running R80.40 T139. normally carrying < 1M pps. Attack pushed it to 18Mpps and FW survived. Of course internet connectivity was a bit patchy due to RX-DRP on interface. SXL cores were pushed to 100% understandably. One before was little milder at 7Mpps and FW feared better than. Graph below shows half of the incoming packet rate





Here's just a sample of one SXL core CPU load:




The feeling I get is that with current 16 SXL core setup we could probably survive 5Mpps  without any problems.

Just to be clear - I refer to packets per second, bit bits 🙂

Anyone else has played with DOS rate limiter? Are you "happy" with it?

0 Kudos
1 Reply
This widget could not be displayed.