[c-nsp] ACK/RST rate-limit?
Gert Doering
gert at greenie.muc.de
Wed Nov 5 02:55:58 EST 2008
Hi,
On Tue, Nov 04, 2008 at 05:20:39PM +0100, Nemeth Laszlo wrote:
> So the question: can i limit the number of ACK/RST packets/sec what the
> router send back to the SYN sender?
Yes. Check www.cisco.com for "control-plane policing" (CoPP) - this
is exactly what you need.
It needs a bit of consideration what sort of packets the router is meant
to receive ("routing protocols", anyone?) and you should lab-test it before
rolling out on production routers.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 304 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20081105/2402e125/attachment.bin>
More information about the cisco-nsp
mailing list