Hello, > Is there any good articles on ATM security? One problem is the current As far as that goes I think there is a whole range of DoS attacks you could fire at arp servers for example. (The CLIP stuff, rfc 1597 if I'm not mistaken.) LANE is likely not any better. Imposing different addresses is likely very trivial. > conventional firewall cannot match the throughput of ATM network. Hmm, we ran an alpha 3000/700 (225 Mhz, turbo channel based)for some firewall testing, didn't do too shabby. About 1..2k packets it can do linespeed on 2 OC3's. (forwarding) That box does about 50Mbytes/s on memory copies, and since the protocol stack at least copies once, the theoretical limit is 400Mbps, which is true. These boxes are DRAM based, so you are constrained by the speed of the ram. However some of the Ultra's (SDRAM based) I've around can do 200Mbyte/s on memcopies, so theoritically they can achieve dual OC12 speeds. (2 * 622Mbps, I'm waiting on cards to be ordered right now.) I don't have detailed results around on what the performance differences between a high end alpha and high end ultra is. (Alphas have alignment troubles, which in particular with small packets shows.) roel
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:56:52 PDT