[c-nsp] ICMP and SUP720

Church, Chuck cchurch at netcogov.com
Wed Nov 23 17:18:09 EST 2005


Depends on the destination, and type of ICMP.  I don't think any device
can process ICMP totally in hardware if it is the destination.  ICMP
packets 'just passing through' the router should be handled in hardware
on the 720, as they would on the sup2/msfc2.  The 720 with control plane
policing does have more protection against high CPU utilization when
itself is the target of the ICMP.  What is the source of all this ICMP?
If it's malicious, policing it closer to the network edges might be a
better solution.


Chuck Church
Lead Design Engineer
CCIE #8776, MCNE, MCSE
Netco Government Services - Design & Implementation Team
1210 N. Parker Rd.
Greenville, SC 29609
Home office: 864-335-9473
Cell: 864-266-3978
cchurch at netcogov.com
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4371A48D 


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Ronen Isaac
Sent: Wednesday, November 23, 2005 4:03 PM
To: Mikael Abrahamsson
Cc: cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] ICMP and SUP720

Thanks Mikael,
That makes me feel like I am on the right track.  Just out of curiosity
do you know how ICMP is handled on the 720?  Is it still done in
software?  

Thanks again!

Kind Regards,
Ronen Isaac
Continental Computers
920 N. Nash St. Bldg B
El Segundo, CA 90245
310/416-1200:voice
310/350-8456:cell
310/416-1443:fax
ronen at conticomp.com
www.conticomp.com
www.webuycisco.com
AOL IM: ccro02
 
**Your trusted partner is DEC, CISCO, COMPAQ, JUNIPER and more for over
20 years.  Now Premiere Partners for Airaya wireless bridges too!

-----Original Message-----
From: Mikael Abrahamsson [mailto:swmike at swm.pp.se] 
Sent: Wednesday, November 23, 2005 1:56 PM
To: Ronen Isaac
Subject: RE: [c-nsp] ICMP and SUP720

On Wed, 23 Nov 2005, Ronen Isaac wrote:

> That is exactly right.  We are planning to swap hardware but we are just
> trying to figure out what the best solution is.  Would you have any
> suggestions?  Would the 6500 with SUP720 be a good choice?  Thank you!

Yes, the Sup720 is a good choice. If you need full internet tables, be 
sure to get the XL version.

We opted for swap of our BD blades to get ICMP Fast path on our extremes
as well (they do this as of approximately a year), it has worked very
well. We use BD, Alpine and 48si:s for distribution and Sup720 7600 or
GSR for core.

> Kind Regards,
> Ronen Isaac
> Continental Computers
> 920 N. Nash St. Bldg B
> El Segundo, CA 90245
> 310/416-1200:voice
> 310/350-8456:cell
> 310/416-1443:fax
> ronen at conticomp.com
> www.conticomp.com
> www.webuycisco.com
> AOL IM: ccro02
>
> **Your trusted partner is DEC, CISCO, COMPAQ, JUNIPER and more for over
> 20 years.  Now Premiere Partners for Airaya wireless bridges too!
>
> -----Original Message-----
> From: Mikael Abrahamsson [mailto:swmike at swm.pp.se]
> Sent: Wednesday, November 23, 2005 1:49 PM
> To: Elmar K. Bins
> Cc: Ronen Isaac; cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] ICMP and SUP720
>
> On Wed, 23 Nov 2005, Elmar K. Bins wrote:
>
>> I'm not sure whether I should ask this; maybe it sounds pretty silly to
>> you: Have you thought about filtering ICMP, at least ICMP traffic that's
>> destined for the router itself?
>
> ICMP on certain Extreme Networks platforms is handled in slow-path, so
> there isn't much to do about it but to swap hardware.
>
> -- 
> Mikael Abrahamsson    email: swmike at swm.pp.se
>

-- 
Mikael Abrahamsson    email: swmike at swm.pp.se

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


