[c-nsp] do i *need* DFCs on the 6500?

Jared Mauch jared at puck.nether.net
Wed Sep 2 09:03:18 EDT 2009


On Sep 2, 2009, at 8:48 AM, Drew Weaver wrote:

> Not to thread hijack here, but speaking of withstanding DoS attacks,  
> has anyone seen any decent published baseline configurations for  
> CoPP to deflect things similar to TTL Expiry attacks and the like?  
> Perhaps some sort of template they use (if they can share it) would  
> be really nice.

ttl expire can be protected with mls rate limiters. 10 100 seems plenty.

- jared


More information about the cisco-nsp mailing list