[c-nsp] Sup720 CoPP, limits on CPU performance

Dobbins, Roland rdobbins at arbor.net
Wed Mar 24 09:18:47 EDT 2010


On Mar 24, 2010, at 6:51 PM, Saku Ytti wrote:

> Take hosting customer, their default GW is PE, would you add all of these addresses to 100k's of iACL
> when ever new customer is provisioned?

Apologies, I don't get it.  

There's a 'permit IP any any' at the end of the iACL after the explicit denies for one's own netblocks; for something which you want pingable via hosting/colo customers, like a default gateway in the case you describe, just use QoS.

Note that the default gateway will be drawn from the access netblockss, not the infrastructure netblocks covered by  the iACL.

There's no need to add all the hosting/colo customers to the iACLs, that I can see . . . 

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

    Injustice is relatively easy to bear; what stings is justice.

                        -- H.L. Mencken






More information about the cisco-nsp mailing list