[c-nsp] IP RACL or CPP?
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Tue Apr 26 10:50:53 EDT 2005
Jose <> wrote on Tuesday, April 26, 2005 4:18 PM:
> I'm trying to decide whether to implement IP RACLs or Control Plane
> Policing on our 7500s and I can't decide which is better. We're
> currently running 12.0(27)S4 and we're being asked to implement some
> form of security for the router itself. IP RACLs would cover this
> right now but there's the chance that we may upgrade the routers
> later this year to a version that supports CPP and I'd rather not
> kill myself trying to come up with an ACL that would be so
> complicated. Should we just go ahead and use RACLs or wait until CPP
> is supported? Is one better than the other? Are there major
> differences?
Well, rACL and CPP are different features which have different
capabilities. While an rACL can only do a yes/no decision on a packet,
CPP is more granular by allowing a "yes, but only at a rate of y bps".
Both features will require you to define the traffic you want/need to
allow to reach your RP, so I don't think time spent designing your ACL
for rACL will be wasted when you move to a CPP-enabled version.
oli
More information about the cisco-nsp
mailing list