[c-nsp] sup720 protection on the 6500/7600

Phil Mayers p.mayers at imperial.ac.uk
Sat Feb 17 16:18:26 EST 2007


Saku Ytti wrote:

> CoPP is the tool for the job, of course you should also implement iACL
> and iPolicer in IXP/Transit borders.

Agreed

>  'mls ip cef rate-limit' in all possible scenarios I can think of is
> evil. Consider you're running L3 box, with some routing protocol,

I agree. BUT, the OP should remember that this:

mls ip cef rate-limit

and this:

mls rate-limit

...are different. The latter (set of options) should ALWAYS be set in my 
opinion. Thankfully the most important ones are on by default.



More information about the cisco-nsp mailing list