[c-nsp] Bogon Filter - Least Resource/CPU intensive method?
Justin M. Streiner
streiner at cluebyfour.org
Thu Mar 6 14:08:01 EST 2008
On Thu, 6 Mar 2008, Phil Mayers wrote:
> It depends on the platform, but on 6500s at least I know you get an
> output interface of 0.
>
> Sadly you get an output interface of 0 for a whole lot of other stuff,
> including glean failures (i.e. couldn't arp for the next hop), RPF
> failures and also traffic to the box e.g. SSH sessions.

That's what I was thinking of before. On the router itself, it will
usually represent the interface as Null0 in the output of something like
"show ip cache flow".

Your other option would be to use an RTBH type solution to shunt the
offending traffic to an outside box for more detailed analysis.

jms