>
>
> I have a few questions about IP packet filtering routers:
>
> (1) Are there any IP packet filtering routers that allow the user to
> change the filters dynamically without shut-down?
The Network Systems routers allow you to download a new filter set and
implimenting it without shuting the router down.u
>
> (2) What is the maximum number of IP addresses that a router can
> filter in one direction? What is the performance impact to filter
> say, on 500 IP addresses for inbound?
The NSC router may have as many filters as memory allows, the largest number I
have heard of to date is aroung 5000.
As to the performance impact I don't recall the exact number but it was
somewhere in the 10-15% range. The router has multiple filter points so it is
easier to define filters where apprpriate. For example, the current IP address
spoofing problems can be handled by the input filters, then at a higher level
you deal with the protocols such as FTP etc.
>
> (3) Which routers can filter on inbound? How good/bad do they perform?
>
The NSC can filter on both input and output, and there are seperate filters
for each port, ethernet, T/r, FDDI, or sync. Performance as above.
> I appreciate any help.
>
> Fatima Yu (fatimayu @
ptp .
hp .
com)
>
>
Any time.
References:
|
|
