[c-nsp] IP RACL or CPP?

Rodney Dunn rodunn at cisco.com
Tue Apr 26 14:12:09 EDT 2005


Totally agree.

You put in rACLs to drop traffic you know is invalid
and you use CPP to do even more granular stuff for
the traffic that makes it through the rACL.

Rodney

On Tue, Apr 26, 2005 at 04:50:53PM +0200, Oliver Boehmer (oboehmer) wrote:
> Jose <> wrote on Tuesday, April 26, 2005 4:18 PM:
> 
> > I'm trying to decide whether to implement IP RACLs or Control Plane
> > Policing on our 7500s and I can't decide which is better.  We're
> > currently running 12.0(27)S4 and we're being asked to implement some
> > form of security for the router itself.  IP RACLs would cover this
> > right now but there's the chance that we may upgrade the routers
> > later this year to a version that supports CPP and I'd rather not
> > kill myself trying to come up with an ACL that would be so
> > complicated.  Should we just go ahead and use RACLs or wait until CPP
> > is supported?  Is one better than the other?  Are there major
> > differences? 
> 
> Well, rACL and CPP are different features which have different
> capabilities. While an rACL can only do a yes/no decision on a packet,
> CPP is more granular by allowing a "yes, but only at a rate of y bps".
> 
> Both features will require you to define the traffic you want/need to
> allow to reach your RP, so I don't think time spent designing your ACL
> for rACL will be wasted when you move to a CPP-enabled version.
> 
> 	oli
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
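
The distinction discussed in this thread, shown as an added IOS configuration sketch that is not part of either message: one set of ACL entries applied first as an rACL (permit or deny only), then reused as class matches in a control-plane policy with a rate per class. The addresses (192.0.2.0/24), ACL numbers, class and policy names, and police rates are all constructed placeholders, and the sketch assumes a release that supports each feature.

```cisco
! Constructed example: addresses, ACL numbers, names and police rates
! are placeholders, not values from the thread.
!
! --- rACL: permit/deny only, for traffic destined to the RP ---
access-list 110 remark BGP from a known peer
access-list 110 permit tcp host 192.0.2.1 any eq bgp
access-list 110 permit tcp host 192.0.2.1 eq bgp any
access-list 110 remark SSH and SNMP from the management subnet
access-list 110 permit tcp 192.0.2.128 0.0.0.127 any eq 22
access-list 110 permit udp 192.0.2.128 0.0.0.127 any eq snmp
access-list 110 remark ICMP is permitted, with no way to cap its rate
access-list 110 permit icmp any any
access-list 110 deny ip any any
!
ip receive access-list 110
!
! --- CPP: the same classification, one ACL per class, a rate per class ---
access-list 121 permit tcp host 192.0.2.1 any eq bgp
access-list 121 permit tcp host 192.0.2.1 eq bgp any
access-list 122 permit tcp 192.0.2.128 0.0.0.127 any eq 22
access-list 122 permit udp 192.0.2.128 0.0.0.127 any eq snmp
access-list 123 permit icmp any any
!
class-map match-all CPP-ROUTING
 match access-group 121
class-map match-all CPP-MGMT
 match access-group 122
class-map match-all CPP-ICMP
 match access-group 123
!
policy-map CPP-POLICY
 ! Routing traffic is measured but never dropped
 class CPP-ROUTING
  police 512000 conform-action transmit exceed-action transmit
 class CPP-MGMT
  police 128000 conform-action transmit exceed-action drop
 ! "Yes, but only at a rate of y bps"
 class CPP-ICMP
  police 8000 conform-action transmit exceed-action drop
 class class-default
  police 8000 conform-action transmit exceed-action drop
!
control-plane
 service-policy input CPP-POLICY
```

The permit entries written for the rACL carry over unchanged as the class matches, so the classification work is done once. The rACL's final deny and the policed class-default play the same role for everything not explicitly listed.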

