I am just wondering: if a DoS attack saturates a link, does a routing protocol keepalive/Hello packet still have the highest priority to be sent out the link by default, or do I have to set up some kind of QoS to prevent this from happening? I remember from somewhere that traffic generated from the router has the highest priority by default. Can someone show me some documentation? Thank you!


Yes indeed, QoS is one of the solutions that mitigate DoS or distributed DoS attacks if used correctly, i.e. all control protocols, including hellos, have an IP precedence of 6 or 7, so if you assign other traffic those IP precedences you may run into some issues, since the control protocols will have the same priority in treatment as that traffic with 6 or 7.

Also, if you configure QoS, these control protocols will have 25 percent of the available bandwidth by default UNLESS YOU TOUCH the command max-reserved-bandwidth.

But QoS alone is not sufficient, i.e. if a hacker sends thousands or hundreds of thousands of fragmented packets, that will eat up all your CPU, so you end up with a crashed router; the same if someone sends a lot of half-open TCP sessions, or half-open UDP, that will eat up your memory.

So QoS with other tools can help mitigate that kind of attack, but still a DoS attack remains one of the most difficult to eliminate totally. Other tools are specialized devices: IPS, IDS, PIX, ASA...
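An added configuration example (not from the original post) of the approach the answer describes on Cisco IOS MQC: control traffic already carrying IP precedence 6 or 7 is matched into its own class and given a guaranteed share of the link, while user traffic is kept out of those precedence values. The interface name, class/policy names and percentages are assumptions for illustration.

```cisco
! Control-plane traffic (routing hellos, keepalives) already arrives
! marked IP precedence 6 (internetwork control) or 7 (network control).
class-map match-any CONTROL-TRAFFIC
 match ip precedence 6 7
!
! Example of user traffic class; note it is NOT re-marked to 6 or 7,
! so it never competes with control protocols at the same precedence.
class-map match-any USER-BULK
 match access-group name USER-NETS
!
ip access-list extended USER-NETS
 permit ip 10.10.0.0 0.0.255.255 any
!
policy-map WAN-OUT
 ! Guarantee a slice of the link for hellos/keepalives during congestion.
 class CONTROL-TRAFFIC
  bandwidth percent 5
 class USER-BULK
  bandwidth percent 40
  ! Avoid: "set ip precedence 6" here would put bulk traffic on an
  ! equal footing with routing protocol packets.
 class class-default
  fair-queue
!
interface Serial0/0
 ! max-reserved-bandwidth is left at its default (75), so 25 percent of
 ! the link stays outside user-defined classes for control and overhead.
 service-policy output WAN-OUT
```

Verify with `show policy-map interface Serial0/0` that the CONTROL-TRAFFIC class is counting packets; if it stays at zero, check whether an upstream device is rewriting precedence.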


