[c-nsp] Sup720 CoPP, limits on CPU performance
Jimmy Changa
jimmy.changa007 at gmail.com
Mon Mar 22 18:39:20 EDT 2010
Can any provide links to good documentation? I've read through the cisco
docs, but I'm interested in reading about other folks implementations.
Jimmy Changa via Droid
On Mar 22, 2010 4:52 PM, "Phil Mayers" <p.mayers at imperial.ac.uk> wrote:
On 03/22/2010 07:21 PM, Saku Ytti wrote:
>
> On (2010-03-22 19:05 +0100), Peter Rathlev wrote:
>
>> ...
In general this is a reasonable starting point, but the OP should be aware
that traffic which is not destined to the box, most notably packets punted
to CPU for arp lookup (glean) have CoPP applied, so a deny on any particular
class of traffic will mean packets matching the ACL can never trigger a
glean lookup.
Whether this is important or not will depend on your traffic patterns; it
makes default-denying SSH if you have unix boxes tricky, for example.
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
h...
More information about the cisco-nsp
mailing list