[c-nsp] Re: access-list on C6509 not matching packets
Zitibake
zitibake at yahoo.com
Tue Feb 14 13:05:29 EST 2006
Thanks for the tips; tcam not showing anything:

core-4.mpls#sh tcam interface gig 7/2 acl out ip
permit ip any any
deny ip any any
deny ip any any

...so I will use Netflow.
The nice thing about access-lists is that you will see even one hit to each
line. With sampled Netflow... who knows what you missed? If I run unsampled
Netflow (with a gigabit port to my collector), what are the chances that a DDoS
stepping through flows would cause a forwarding issue? Any ballpark numbers
for kpps (mpps?)? I remember on the M20, Netflow used to crash under load,
which was both a blessing and a curse. I can guarantee that the device will
not receive more than about 1 Gbps of aggregate traffic.