[c-nsp] DOS Mitigation on MPLS Networks

Mike Bernico mbernico at illinois.net
Tue Apr 12 16:45:07 EDT 2005


This technique does work in a VRF as well, however I'd recommend being
careful and test a lot... 

I've seen much weirdness when using recursive routes inside a VRF,
especially on the 7600.  The issues with the 7600 are resolved in
12.2.18SXD4, but I'd tread lightly.

Mike Bernico


-----Original Message-----
From: christopher_a_kane at bankone.com
[mailto:christopher_a_kane at bankone.com] 
Sent: Tuesday, April 12, 2005 11:34 AM
To: christian.macnevin at uk.bnpparibas.com
Cc: cisco-nsp-bounces at puck.nether.net; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] DOS Mitigation on MPLS Networks

Have you had a chance to review and consider some of the popular
methods? 
(maybe not related specifically to MPLS);

http://www.nanog.org/mtg-0110/greene.html

Here is a listing from the NANOG archives with several links;

http://www.merit.edu/mail.archives/nanog/2004-09/msg00827.html

-chris

Chris Kane
CCIE #14430
JP Morgan Chase - Infrastructure Operations Center
(614) 213-2923





This transmission may contain information that is privileged,
confidential and/or exempt from disclosure under applicable law. If you
are not the intended recipient, you are hereby notified that any
disclosure, copying, distribution, or use of the information contained
herein (including any reliance thereon) is STRICTLY PROHIBITED. If you
received this transmission in error, please immediately contact the
sender and destroy the material in its entirety, whether in electronic
or hard copy format. Thank you.


_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list