[c-nsp] ACL or ratelimit ttl-failure
Saku Ytti
saku+cisco-nsp at ytti.fi
Tue Apr 4 06:27:12 EDT 2006
On (2006-04-04 12:06 +0200), Bas wrote:
Hey,
> "debug ip packet detail" shows me that most of the load is caused by
> the PRP sending ICMP type=11, code=0 packets.
> 95% of the ICMP packets generated are destined for the networks of a
> single peer.
>
> On the sup720 there are special rate-limiters for this, but cant find
> information how to do this on a PRP-1
I think your best bet is CoPP and RACL. But remember that when running
IOS these live in your LC CPU, not in hardware, LC CPU can handle
lot more than PRP, but not anywhere near wire-rate.
--
++ytti
More information about the cisco-nsp
mailing list