[c-nsp] IP RACL or CPP?
Jose
the_father at allstream.net
Tue Apr 26 15:27:23 EDT 2005
Cool. Thanks for clarifying that for me guys. Looks like I *will* have
some work to do then. :)
Jose
Rodney Dunn wrote:
>Totally agree.
>
>You put in rACL's to drop traffic you know is invalid
>and you use CPP to do even more granular stuff for
>the traffic that makes it through the rACL.
>
>Rodney
>
>On Tue, Apr 26, 2005 at 04:50:53PM +0200, Oliver Boehmer oboehmer" wrote:
>
>
>>Jose <> wrote on Tuesday, April 26, 2005 4:18 PM:
>>
>>
>>
>>>I'm trying to decide whether to implement IP RACLs or Control Plane
>>>Policing on our 7500s and I can't decide which is better. We're
>>>currently running 12.0(27)S4 and we're being asked to implement some
>>>form of security for the router itself. IP RACLs would cover this
>>>right now but there's the chance that we may upgrade the routers
>>>later this year to a version that supports CPP and I'd rather not
>>>kill myself trying to come up with an ACL that would be so
>>>complicated. Should we just go ahead and use RACLs or wait until CPP
>>>is supported? Is one better than the other? Are there major
>>>differences?
>>>
>>>
>>Well, rACL and CPP are different features which have different
>>capabilities. While an rACL can only do a yes/no decision on a packet,
>>CPP is more granular by allowing a "yes, but only at a rate of y bps".
>>
>>Both features will require you to define the traffic you want/need to
>>allow to reach your RP, so I don't think time spent designing your ACL
>>for rACL will be wasted when you move to a CPP-enabled version.
>>
>> oli
>>
>>_______________________________________________
>>cisco-nsp mailing list cisco-nsp at puck.nether.net
>>https://puck.nether.net/mailman/listinfo/cisco-nsp
>>archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>>
>
>
>
>
>
More information about the cisco-nsp
mailing list