[c-nsp] Sup720 CoPP, limits on CPU performance

Jimmy Changa jimmy.changa007 at gmail.com
Mon Mar 22 18:39:20 EDT 2010


Can any provide links to good documentation? I've read through the cisco
docs, but I'm interested in reading about other folks implementations.

Jimmy Changa via Droid

On Mar 22, 2010 4:52 PM, "Phil Mayers" <p.mayers at imperial.ac.uk> wrote:

On 03/22/2010 07:21 PM, Saku Ytti wrote:
>
> On (2010-03-22 19:05 +0100), Peter Rathlev wrote:
>
>> ...
In general this is a reasonable starting point, but the OP should be aware
that traffic which is not destined to the box, most notably packets punted
to CPU for arp lookup (glean) have CoPP applied, so a deny on any particular
class of traffic will mean packets matching the ACL can never trigger a
glean lookup.

Whether this is important or not will depend on your traffic patterns; it
makes default-denying SSH if you have unix boxes tricky, for example.


_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
h...


More information about the cisco-nsp mailing list