[c-nsp] 7600 Questions
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Fri Mar 28 02:40:48 EDT 2008
Justin Shore <> wrote on Friday, March 28, 2008 4:31 AM:
> Mikael Abrahamsson wrote:
>> On Thu, 27 Mar 2008, Justin Shore wrote:
>>
>>> Also, you should skip the Sup720-3BXL and get the RSP720-3CXL for
>>> the same $$. And you should also get your 67xx linecards with DFCs
>>> that match the Sup as well. It's worth the added expense.
>>
>> Why do you think that it's worth the added expense initially?
>>
>> I'd say it's worth it when you start to approach 5-10MPPS (due to CFC
>> worst case limit of ~15 MPPS) but not before.
>
> It depends on how you're using your linecards. For some people it's a
> matter of the performance capabilities of the FE. For anyone with a
> 6500/7600 carrying full Internet tables or having their chassis
> publicly accessible on the Internet, it's a matter of offloading CoPP
> onto the DFC. Otherwise CoPP happens in software on the MSFC. You
> may in fact be less susceptible to being DoSed without CoPP enabled
> in chassis without DFCs. Otherwise you're opening up a path straight
> to the CPU.
I don't think this is true. CoPP on the 6500/7600 is implemented in
hardware (assuming "mls qos" is enabled): on the PFC within the Sup as
well as on the DFCs (if there are any). Please take a look at the CoPP
chapter in
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/prod_wh
ite_paper0900aecd802ca5d6.html which describes the CoPP architecture on
this platform.
oli
More information about the cisco-nsp
mailing list