Re: [nsp] router capacity question

From: Rafi Sadowsky (rafi@meron.openu.ac.il)
Date: Thu Dec 09 1999 - 02:26:02 EST


On Wed, 8 Dec 1999, Martin Cooper wrote:

> Niels Bakker <niels@euro.net> wrote:
>
> > If you're not running CEF, isn't that the case only for packets
> > that don't get fast-switched, i.e. all except the first one in
> > a flow?

That's the way it works with netflow - if I remember correctly this thread
started about CPU usage on a 2601

netflow should be supported from 12.0 for 2600 series in IP "plus" image
<URL:http://www.cisco.com/univercd/cc/td/doc/pcat/219.htm>

>
> No, I believe that isn't the case; _all_ packets in that flow are
> process switched (at least in the most archaic versions of IOS
> we're running - 11.2(8)P, and I believe in 11.2(13)P and 11.1(24)CC
> as well).
>
> > On FastEthernet interfaces with lots of secondary addresses I'd
> > rather waste bandwidth due to a machine not honouring or receiving
> > an ICMP redirect than waste CPU cycles on the router
>
> Me too - particularly since hosts (Windows 9x and Solaris 2.x in
> particular) ignore redirects for networks on which they do not
> have IP interfaces (for security - to avoid local spoofing attacks
> I believe).
>
> > (So it's only useful if you're not running CEF on a high-speed
> > interface... hmm, I can see cisco's reasoning for not making it
> > default to on, I think. ;)
>
> I believe that it should be the default for Ciscos without CEF
> support to avoid DoS attacks.
>
> M.
>
>



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:08 EDT