[c-nsp] Sup720 CoPP, limits on CPU performance
Tim Durack
tdurack at gmail.com
Tue Mar 23 09:03:26 EDT 2010
On Tue, Mar 23, 2010 at 8:56 AM, Chris Griffin <cgriffin at ufl.edu> wrote:
> The testing I did was about a year ago, but as I recall, with our default
> deny any policy, traffic to hosts with no current ARP adjacency would fail.
> As soon as the glean rate limiter was enabled, traffic started to flow
> normally. Further tested demonstrated the limitation with ACL behavior and
> due our heavy use of outbound ACLs, we elected to track each interface IP in
> an object group and apply heavy deny policies to those bits while allowing
> glean and other unclassified traffic to hit a rate limited permit policy.
That is the direction we are headed. Seems stoopid though.
--
Tim:>
More information about the cisco-nsp
mailing list