[c-nsp] routing or blocking bogons
Dan Armstrong
dan at beanfield.com
Thu Oct 21 22:07:53 EDT 2004
If you have early linecards on GSR (like E0, E1, and E2 a bit) that are
not great with ACLs, or on E2 cards where they can be suported in
hardware in 1 directon only, routing all of your deny, deny, deny, deny,
permit lists to null0 is a great way around the problem.
Dan.
Rodney Dunn wrote:
>Routing them to Null0 with unreachables turned
>off will be the fastest you can get.
>
>Unless it's a hardware forwarding platform
>that does ACL's in hardware hence it probably
>wouldn't matter much either way.
>
>Rodney
>
>On Thu, Oct 21, 2004 at 06:21:59PM -0700, Brian Vowell wrote:
>
>
>>So which is faster: routing bogons to Null0 or blocking with an ACL?
>>
>>
>>--b
>>
>>_______________________________________________
>>cisco-nsp mailing list cisco-nsp at puck.nether.net
>>https://puck.nether.net/mailman/listinfo/cisco-nsp
>>archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>>
>_______________________________________________
>cisco-nsp mailing list cisco-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
More information about the cisco-nsp
mailing list