[c-nsp] Sup720 CoPP, limits on CPU performance
Dobbins, Roland
rdobbins at arbor.net
Wed Mar 24 05:10:16 EDT 2010
On Mar 24, 2010, at 3:46 PM, Phil Mayers wrote:
> ...which brings us back to having to fill a gigantic ACL with hundreds,
> potentially thousands of router interface IPs from potentially arbitrary
> subnets.
Um, no.
It means having a rational, easily-summarizable IP addressing plan for your loopbacks and p2p interfaces, so that only a few entries are required to keep unwanted packets off them. That's all.
> As I said, the router knows these IPs, so I don't understand why it
> can't populate an object-group (in sufficiently recent IOS) allowing
> it's use in either iACLs or CoPP.
This would be a good idea for a feature, but iACLs are quite doable even in its absence.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Injustice is relatively easy to bear; what stings is justice.
-- H.L. Mencken
More information about the cisco-nsp
mailing list