[c-nsp] ARP flooding prevention
Michel Renfer
michel.renfer at finecom.ch
Fri Feb 1 07:49:05 EST 2008
Ok, thanks all for feedback. It seems that the configurations are always
generic for the whole router. Is it possible to add limiting only for
specific interfaces?
cheers,
michel
> -----Original Message-----
> From: Peter Rathlev [mailto:peter at rathlev.dk]
> Sent: Friday, February 01, 2008 1:05 PM
> To: Michel Renfer
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] ARP flooding prevention
>
> Agreed, CoPP with a service-policy and maybe also using the "mls
> rate-limit unicast cef glean <pps>" and so on.
>
> Just remember that to limit these things is to limit the services that
> the supervisor is meant to deliver. You can easily put yourself in a
> situation where the DoS scenario becomes a problem earlier because of
> your rate-limiting, and then it's irrelevant that your supervisor is
> only at 50% cpu.
>
> Look at this for CoPP for Sup720:
>
> http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps1838/products_feature_guide09186a008052446b.html
> http://tinyurl.com/9sutt
>
> And for MLS rate-limiting for Sup720:
>
> http://www.cisco.com/en/US/customer/prod/collateral/switches/ps5718/ps708/prod_white_paper0900aecd802ca5d6.html
> http://tinyurl.com/297d48