There was some concern running class-map based Nimda filtering on routers. I
have heard of cases where routers have 'hung' because of the load the router
has to go through. We have tried the other method of redirecting all http
traffic to our cache engine and letting the filtering be done there. Even in
this case our cache engine packed up and went into a comatose state. So we
then stopped Nimda filtering and resorted to the tiresome manual method of
warning our customers and administrators of Nimda originating networks.
Any real difference between running the class-map filter with a pure ACL and
in this case via a ACL/route-map combo. Of course the pure ACL method is not
recommended due to high load -anything else?
Any comments?
-nick
> > class-map match-any UnwantedTraffic
> > description Traffic we drop right away
> > match protocol http url "*.ida*"
> > match protocol http url "*cmd.exe*"
> > match protocol http url "*root.exe*"
> > match protocol http url "*readme.eml*"
> > match protocol http url "*httpdodbc.dll*"
> > match protocol http url "*Admin.dll*"
> > !
> > policy-map Trash
> > class UnwantedTraffic
> > set ip dscp 1
> > !
> > Interface x
> > service-policy input Trash
> > ip policy route-map null_policy_route
> > !
> > access-list 104 permit ip any any dscp 1
> > !
> > route-map null_policy_route permit 10
> > match ip address 104
> > set interface Null0
> > !
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:59 EDT