[c-nsp] ICMP and SUP720

Richard Gallagher rgallagh at cisco.com
Thu Nov 24 07:11:31 EST 2005 

Saku Ytti wrote:
> On (2005-11-23 14:02 -0800), Ronen Isaac wrote:
> 
>> Thanks Mikael,
>> That makes me feel like I am on the right track.  Just out of curiosity
>> do you know how ICMP is handled on the 720?  Is it still done in
>> software?  
> 
>  I think the bit of information you're looking for is not about 
> the ICMP to 720, but ICMP through it, and indeed ICMP through
> it is in hardware.
>  Also 720 does CoPP in hardware, so you can protect it
> very well.

Correct, ICMP through the switch should be forwarded in HW. In addition 
to CoPP there are MLS rate-limiters for ICMP to the switch:

ltd-6513-28a(config)#mls rate-limit unicast ip icmp ?
   redirect     packets requiring ICMP redirect (same VLAN)
   unreachable  packets requiring ICMP unreachable message

ltd-6513-28a(config)#

Regards, Rich

> HTH,
> 
>> Thanks again!
>>
>> Kind Regards,
>> Ronen Isaac
>> Continental Computers
>> 920 N. Nash St. Bldg B
>> El Segundo, CA 90245
>> 310/416-1200:voice
>> 310/350-8456:cell
>> 310/416-1443:fax
>> ronen at conticomp.com
>> www.conticomp.com
>> www.webuycisco.com
>> AOL IM: ccro02
>>  
>> **Your trusted partner is DEC, CISCO, COMPAQ, JUNIPER and more for over
>> 20 years.  Now Premiere Partners for Airaya wireless bridges too!
>>
>> -----Original Message-----
>> From: Mikael Abrahamsson [mailto:swmike at swm.pp.se] 
>> Sent: Wednesday, November 23, 2005 1:56 PM
>> To: Ronen Isaac
>> Subject: RE: [c-nsp] ICMP and SUP720
>>
>> On Wed, 23 Nov 2005, Ronen Isaac wrote:
>>
>>> That is exactly right.  We are planning to swap hardware but we are
>> just
>>> trying to figure out what the best solutions is.  Would you have any
>>> suggestions?  Would the 6500 with SUP720 be a good choice?  Thank you!
>> Yes, the Sup720 is a good choice. If you need full internet tables, be 
>> sure to get the XL version.
>>
>> We opted for swap of our BD blades to get ICMP Fast path on our extremes
>>
>> as well (they do this as of approximately a year), it has worked very 
>> well. We use BD, Alpine and 48si:s for distribution and Sup720 7600 or
>> GSR 
>> for core.
>>
>>> Kind Regards,
>>> Ronen Isaac
>>> Continental Computers
>>> 920 N. Nash St. Bldg B
>>> El Segundo, CA 90245
>>> 310/416-1200:voice
>>> 310/350-8456:cell
>>> 310/416-1443:fax
>>> ronen at conticomp.com
>>> www.conticomp.com
>>> www.webuycisco.com
>>> AOL IM: ccro02
>>>
>>> **Your trusted partner is DEC, CISCO, COMPAQ, JUNIPER and more for
>> over
>>> 20 years.  Now Premiere Partners for Airaya wireless bridges too!
>>>
>>> -----Original Message-----
>>> From: Mikael Abrahamsson [mailto:swmike at swm.pp.se]
>>> Sent: Wednesday, November 23, 2005 1:49 PM
>>> To: Elmar K. Bins
>>> Cc: Ronen Isaac; cisco-nsp at puck.nether.net
>>> Subject: Re: [c-nsp] ICMP and SUP720
>>>
>>> On Wed, 23 Nov 2005, Elmar K. Bins wrote:
>>>
>>>> I'm not sure whether I should ask this; maybe it sounds pretty silly
>>> to
>>>> you: Have you thought about filtering ICMP, at least ICMP traffic
>>> that's
>>>> destined for the router itself?
>>> ICMP on certain Extreme Networks platforms are handled in slow-path,
>> so
>>> there isnt much to do about it but to swap hardware.
>>>
>>> -- 
>>> Mikael Abrahamsson    email: swmike at swm.pp.se
>>>
>> -- 
>> Mikael Abrahamsson    email: swmike at swm.pp.se
>>
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>

More information about the cisco-nsp mailing list