[c-nsp] Baseline CoPP policies?
Roland Dobbins
rdobbins at arbor.net
Tue Jul 7 17:36:49 EDT 2009
On Jul 8, 2009, at 2:49 AM, Drew Weaver wrote:
> I've seen the Cisco TTL Expiry attack documentation, etc.; are there
> any good generalized guidelines, Cisco-published or not?
CoPP is very situationally specific. Suggest you use NetFlow,
classification ACL, etc. to build your policy, then do a permit-only
policy to see what was missed, then develop your policy from there.
Initial policy should be straight permit/deny via CoPP QoS syntax
(i.e., emulating a rACL); later, with more data, look at rate-limiting.
Prior to looking at CoPP, however, I strongly recommend iACLs at all
edges of the network, first.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Unfortunately, inefficiency scales really well.
-- Kevin Lawton
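The two-phase CoPP approach described in the reply, sketched in Cisco IOS MQC syntax as an added example (not from the original thread). Addresses (RFC 5737 ranges), ACL names and class names are constructed, and the enforcement phase assumes a platform that accepts `drop` under `class-default`.

```cisco
! --- Classification ACLs (addresses are constructed examples) ---
ip access-list extended COPP-ROUTING
 remark eBGP from documented peers only; OSPF from any attached neighbor
 permit tcp 198.51.100.0 0.0.0.255 any eq bgp
 permit tcp 198.51.100.0 0.0.0.255 eq bgp any
 permit ospf any any
ip access-list extended COPP-MANAGEMENT
 remark SSH and SNMP from the management block; NTP replies from servers there
 permit tcp 192.0.2.0 0.0.0.255 any eq 22
 permit udp 192.0.2.0 0.0.0.255 any eq snmp
 permit udp 192.0.2.0 0.0.0.255 eq ntp any
ip access-list extended COPP-UNDESIRABLE
 remark Things the route processor should never see; dropped once enforced
 permit tcp any any fragments
 permit udp any any fragments
 permit icmp any any fragments
!
class-map match-all COPP-ROUTING
 match access-group name COPP-ROUTING
class-map match-all COPP-MANAGEMENT
 match access-group name COPP-MANAGEMENT
class-map match-all COPP-UNDESIRABLE
 match access-group name COPP-UNDESIRABLE
!
! --- Phase 1: discovery. No class takes an action; only the counters matter. ---
policy-map COPP-DISCOVERY
 class COPP-ROUTING
 class COPP-MANAGEMENT
 class COPP-UNDESIRABLE
 class class-default
!
control-plane
 service-policy input COPP-DISCOVERY
!
! Run this for a representative interval, then read the per-class counters with
!   show policy-map control-plane input
! and reconcile them against NetFlow. Anything landing in class-default is
! either legitimate (add an ACL entry or a class) or unwanted (add it to
! COPP-UNDESIRABLE). Repeat until class-default is quiet.
!
! --- Phase 2: straight permit/deny, rACL-style. Rate-limit later, with data. ---
policy-map COPP-ENFORCE
 class COPP-ROUTING
 class COPP-MANAGEMENT
 class COPP-UNDESIRABLE
  drop
 class class-default
  drop
```

Swap COPP-ENFORCE in under `control-plane` only after the discovery counters show nothing unexplained in `class-default`; the implicit-deny behaviour here is what makes it an rACL emulation.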