[c-nsp] Broadcast storm control
Daniel Dib
daniel.dib at reaper.nu
Fri Nov 9 07:44:06 EST 2007
Quoting Saku Ytti <saku+cisco-nsp at ytti.fi>:
> On (2007-11-08 10:18 +0000), Phil Mayers wrote:
>
>> mls qos protocol arp police 10 pps per-mac
>>
>> A single host can kick out thousands of ARP requests/sec and thus
>> trigger the rate limiter which then stops all ARP requests on all
>> interfaces :o(
>
> Indeed, essentially you just ask box to fall over earlier. Other
> bit silly toggles are box wide unknown unicast rate-limiter (PFC3C)
> and most silly of them all CEF receive rate-limiter.
>
> --
> ++ytti
It is true that it would be a nice feature. Essentially, a degraded
service is better than no service at all. Sure, you will drop some valid
packets, but some will also go through. If you don't use it, the whole
router will be inaccessible, which is worse from my point of view.

I don't know your topology, but I'm not sure why you would want to
connect customers directly to a 7600? Why not put a router or L3 device
in between? Then broadcasts will be filtered anyway.
/Daniel
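
The trade-off argued in this thread, as an added example that is not part of the original messages and is not Cisco's policer implementation: a generic token-bucket model comparing one shared 10 pps ARP policer with a policer keyed per source MAC, the hypothetical behaviour the `per-mac` keyword in the quoted line points at. The burst size, MAC addresses and traffic timings are constructed assumptions.

```python
from collections import defaultdict

RATE_PPS, BURST = 10, 10            # "police 10 pps"; the burst size is an assumption
NOISY = "de:ad:be:ef:00:00"         # constructed MAC of the flooding host

class Policer:
    """Integer token bucket: 1000 milli-tokens buy one packet."""
    def __init__(self):
        self.tokens, self.last_ms = BURST * 1000, 0

    def allow(self, now_ms):
        # RATE_PPS packets per second equals RATE_PPS milli-tokens per millisecond.
        self.tokens = min(BURST * 1000,
                          self.tokens + (now_ms - self.last_ms) * RATE_PPS)
        self.last_ms = now_ms
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        return False

def constructed_traffic(seconds=10, hosts=20):
    """Constructed sample: one host at 2000 ARP req/s, `hosts` normal hosts at 1 req/s."""
    events = [(t, NOISY) for t in range(seconds * 1000) for _ in range(2)]
    for i in range(hosts):
        mac = "02:00:00:00:00:%02x" % i
        events += [(i * 50 + 7 + 1000 * k, mac) for k in range(seconds)]
    return sorted(events, key=lambda e: e[0])   # stable sort by arrival time in ms

def simulate(events, per_mac):
    """Return (ARPs passed for normal hosts, ARPs passed for the flooder)."""
    shared = Policer()
    buckets = defaultdict(Policer)              # one bucket per source MAC
    passed = defaultdict(int)
    for now_ms, mac in events:
        policer = buckets[mac] if per_mac else shared
        if policer.allow(now_ms):
            passed[mac] += 1
    flood = passed.pop(NOISY, 0)
    return sum(passed.values()), flood

if __name__ == "__main__":
    ev = constructed_traffic()
    print("shared policer :", simulate(ev, per_mac=False))
    print("per-MAC policer:", simulate(ev, per_mac=True))
```

With this constructed timing the flooder claims every token of the shared bucket the moment it refills, so the 200 ARPs from the normal hosts are all dropped, while the per-MAC variant passes all of them and still holds the flooder to the same rate.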