[c-nsp] ICMP and SUP720
Elmar K. Bins
elmi at 4ever.de
Wed Nov 23 16:39:12 EST 2005
Ronen at conticomp.com (Ronen Isaac) wrote:
> I have a customer who is looking to upgrade his current Extreme switches because they are located in a facility where ICMP scans occur regularly and the CPU gets overloaded quite often. I was thinking the SUP720 but I need to know if the 720 handles ICMP traffic in hardware instead of software? The SUP2/MSFC2 gets bogged down too quickly so I am hoping the 720 will do the trick but I can not find any hard documentation. Any thoughts, other suggestions or ideas would be greatly appreciated.
I'm not sure whether I should ask this; maybe it sounds pretty silly
to you: Have you thought about filtering ICMP, at least ICMP traffic
that's destined for the router itself?
Ingress ACLs should be done in hardware on the appropriate boards, and
not take too much CPU if not. And it should relieve your CPU from all
that stress.
Yours,
Elmar.
More information about the cisco-nsp
mailing list