[c-nsp] SUP720 - 12.2(18)SXF17
Bob Snyder
rsnyder at toontown.erial.nj.us
Fri Oct 9 11:04:20 EDT 2009
On Oct 8, 2009, at 5:32 AM, Marcus.Gerdon wrote:
> The ever more widespread abuse of traceroute (before someone starts
> arguing: yes, I call permanent use of mtr and alike for end-user
> pseudo-monitoring 'network abuse') is something you'll be forced
> into limiting to protect your network at some point in time despite
> the complaints of some customers not understanding the technology
> behind.
Oh, my comments weren't intended to say you shouldn't rate-limit TTL,
only that there needs to be user/other network admin education along
with the change so that people don't use traceroute to try to prove a
non-existant problem. Probably a bigger deal for ISPs; I know we have
routers that I am confident will show drops on any given traceroute
during peak times.
On Oct 9, 2009, at 9:16 AM, Jared Mauch wrote:
> There are a lot of rate-limiters available, check out 'show mls rate-
> limit' on your Earl7 (76k, ie: (65|76)00) based device. Set them low
> to avoid problems. I find 100/10 works well.
One note here is that I believe there's only 8 or so hardware rate
limiters available, so you'll probably run into issues if you try and
use more. Probably not a concern for most, but if you're doing a lot
of different rate-limiters, it may impact you.
Bob
More information about the cisco-nsp
mailing list