[c-nsp] routing or blocking bogons

Spencer Garrett srg at 2alpha.net
Thu Oct 21 22:50:46 EDT 2004


On Thu, 21 Oct 2004, Brian Vowell wrote:

> So which is faster: routing bogons to Null0 or blocking with an ACL?

It depends.  :-)

Routing them to null0: (or lo0:) is faster, but that only lets you select
on destination address.  u-RPF is also fast, but only lets you check the
reachability of the source address and requires you to enable CEF which
has a long history of extremely subtle bugs.  If you need to examine any
other attributes to decide that a given packet is a bogon, then you'll
have to use an ACL of some form, so you might as well let the ACL block
the packet.  If you want maximum speed remember to suppress the 
unreachable notifications and acl logging.

Spencer
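As an added example, not part of Spencer's message, here is how the three options he describes look as Cisco IOS configuration. The prefix 10.0.0.0/8, the interface name GigabitEthernet0/1 and the ACL name BOGON-IN are placeholders; a real deployment takes its prefix list from a maintained bogon feed, and every command below is a standard IOS command.

```cisco
! Added example, not from the original post. Prefixes, interface and ACL
! names are constructed placeholders.
!
! 1. Null-route: matches on destination address only, fastest option.
ip route 10.0.0.0 255.0.0.0 Null0
!
! Suppress the ICMP unreachable the router would otherwise generate for
! every packet dropped by the null route.
interface Null0
 no ip unreachables
!
! 2. Unicast RPF: checks that the source address is reachable back out the
!    receiving interface. Requires CEF to be enabled.
ip cef
interface GigabitEthernet0/1
 ip verify unicast source reachable-via rx
!
! 3. ACL: needed when the decision depends on more than the destination.
!    No "log" keyword on the deny entries, so matching stays in the fast
!    path and does not punt packets to the CPU.
ip access-list extended BOGON-IN
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip any 10.0.0.0 0.255.255.255
 permit ip any any
!
interface GigabitEthernet0/1
 ip access-group BOGON-IN in
```

The null route and the uRPF check each cover one direction of the bogon problem (destination and source respectively); the ACL covers both, at the cost of an ACL lookup per packet, which is why the `log` keyword is omitted.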


