[c-nsp] Sup720 CoPP, limits on CPU performance

Phil Mayers p.mayers at imperial.ac.uk
Wed Mar 24 04:46:01 EDT 2010


On 03/24/2010 08:39 AM, Dobbins, Roland wrote:
>
> On Mar 24, 2010, at 2:55 PM, Saku Ytti wrote:
>
>>   There is no way to make IOS GSR undossable,
>
> This is incorrect.  iACLs work just fine to protect GSRs, and every other hardware-based platform.

...which brings us back to having to fill a gigantic ACL with hundreds, 
potentially thousands of router interface IPs from potentially arbitrary 
subnets.

As I said, the router knows these IPs, so I don't understand why it 
can't populate an object-group (in sufficiently recent IOS) allowing 
it's use in either iACLs or CoPP.


More information about the cisco-nsp mailing list