[c-nsp] Control-Plane Filters/ACLs
Dobbins, Roland
rdobbins at arbor.net
Fri Dec 3 12:30:25 EST 2010
On Dec 3, 2010, at 11:30 PM, Bill Blackford wrote:
> Are there some templates or examples I can find?
<https://files.me.com/roland.dobbins/prguob>
> I haven't played much with CoPP and don't hear a lot of accolades for doing this.
CoPP works quite well on platforms which support it in hardware, such as 6500/7600, GSR, ASR, and CRS. On software-based platforms, it's a wash, given that it's the same general-purpose processor(s) handling all the traffic classification/forwarding logic.
OTOH, iACLs at your edges should probably be the first step, as you get a lot of reward for the effort of doing this, and then you can move down to more box-specific CoPP policies later.
> The other obvious question would be "does this run in hardware or in software?". Hmm, doubt if the packet ASICs are processing ACL's.
This is platform/LC/OS/revision/train-specific.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Sell your computer and buy a guitar.
More information about the cisco-nsp
mailing list