[c-nsp] 7600 Questions
Justin Shore
justin at justinshore.com
Thu Mar 27 23:31:03 EDT 2008
Mikael Abrahamsson wrote:
> On Thu, 27 Mar 2008, Justin Shore wrote:
>
>> Also, you should skip the Sup720-3BXL and get the RSP720-3CXL for the
>> same $$. And you should also get your 67xx linecards with DFCs that
>> match the Sup as well. It's worth the added expense.
>
> Why do you think that it's worth the added expense initially?
>
> I'd say it's worth it when you start to approach 5-10MPPS (due to CFC
> worst case limit of ~15 MPPS) but not before.
It depends on how you're using your linecards. For some people it's a
matter of the performance capabilities of the FE. For anyone with a
6500/7600 carrying full Internet tables or having their chassis publicly
accessible on the Internet, it's a matter of offloading CoPP onto the
DFC. Otherwise CoPP happens in software on the MSFC. You may in fact
be less susceptible to being DoSed without CoPP enabled in chassis
without DFCs. Otherwise you're opening up a path straight to the CPU.
I always recommend people get the DFCs if their chassis is going to be
publicly accessible. The risk today is too great to not have them in
those scenarios.
Justin
More information about the cisco-nsp
mailing list