That is a good document , I think this part answers my question , from below we should read packets per second as new connections per second , i.e. if the servers you are protecting can handle the 50000 new connections per second and is protected by a 3050 , you would not need a Syn flood protection using RED to be below the 50000 capable by the 3050. Maybe slightly lesser , but not significantly lesser ? The case is different for Syn cookies as they are more precise on what they drop, i.e. they just drop sessions from clients that do not respond to SYN cookies , most likely spoofed ones. "That means that the packets-per-second metric actually stands for new attempted sessions-per-second. For example in the case of SYN floods, 10,000 pps means 10,000 new SYNs per second. The reason we mention this as pps and not cps (connections per second) is because the session has not been created in the session table yet. It is a half connection"
... View more