[c-nsp] CoPP and mpls explicit-null

Saku Ytti saku+cisco-nsp at ytti.fi
Tue Mar 28 08:39:34 EST 2006


Hey,

 According to CSCO it's expected that CoPP does not work when explicit-null
is configured. I've observed this behaviour in VXR (12.2(28)SB),
AS5k (12.4(7)), GSR (E0, 12.0(32)S) and NSE100 (12.2(28)SB).
In SUP720-3BXL (12.2(18)SXF3) however this appears to work fluently.
 I'm argumenting that popping explicit-null should happen in forwarding-path
before packet is handed over to control-plane. 

 So am I biased in my argumentation, am I alone with my argumentation and
just inventing stuff up because it doesn't work like I want it to work?
 Has anyone else noticed this? Does anyone else consider this rather
serious security impacting, undocumented and unexpected behaviour?

-- 
  ++ytti


More information about the cisco-nsp mailing list