[c-nsp] Sup720 CoPP, limits on CPU performance
Phil Mayers
p.mayers at imperial.ac.uk
Wed Mar 24 04:46:01 EDT 2010
On 03/24/2010 08:39 AM, Dobbins, Roland wrote:
>
> On Mar 24, 2010, at 2:55 PM, Saku Ytti wrote:
>
>> There is no way to make IOS GSR undossable,
>
> This is incorrect. iACLs work just fine to protect GSRs, and every other hardware-based platform.

...which brings us back to having to fill a gigantic ACL with hundreds,
potentially thousands of router interface IPs from potentially arbitrary
subnets.

As I said, the router knows these IPs, so I don't understand why it
can't populate an object-group (in sufficiently recent IOS) allowing
its use in either iACLs or CoPP.
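Added example, not part of the original thread: one way to do off-box what the message above asks the router to do itself, building an object-group of the router's own interface addresses and referencing it from an iACL. It assumes an IOS release that supports object groups in ACLs; the sample `show ip interface brief` output is constructed and the names `INFRA-ADDRS` and `IACL-EDGE-IN` are hypothetical.

```python
import ipaddress

# Constructed sample of `show ip interface brief` output (documentation addresses).
# GigabitEthernet2/3 stands in for an unnumbered interface repeating the loopback IP.
SAMPLE = """\
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  unassigned      YES NVRAM  administratively down down
Loopback0              192.0.2.1       YES NVRAM  up                    up
TenGigabitEthernet1/2  198.51.100.9    YES NVRAM  up                    up
GigabitEthernet2/1     unassigned      YES unset  down                  down
GigabitEthernet2/2     203.0.113.254   YES manual administratively down down
GigabitEthernet2/3     192.0.2.1       YES unset  up                    up
"""


def interface_addresses(show_output):
    """Return the sorted, de-duplicated IPv4 addresses from the interface table."""
    found = set()
    for line in show_output.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            # Down interfaces are kept on purpose: the address is still configured.
            found.add(ipaddress.IPv4Address(fields[1]))
        except ipaddress.AddressValueError:
            continue  # header row, "unassigned", or any other non-address token
    return sorted(found)


def render_config(addresses, group="INFRA-ADDRS", acl="IACL-EDGE-IN"):
    """Render an object-group plus a minimal iACL that references it.

    Group and ACL names are hypothetical. A production iACL needs permits for
    legitimate routing and management peers ahead of the deny line.
    """
    lines = [f"object-group network {group}"]
    lines += [f" host {addr}" for addr in addresses]
    lines += [
        f"ip access-list extended {acl}",
        f" deny ip any object-group {group}",
        " permit ip any any",
    ]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_config(interface_addresses(SAMPLE)))
```

Regenerating the group whenever interface addressing changes keeps the iACL and any CoPP class that matches on the same group in step with the router's actual addresses.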