[c-nsp] Sup720 CoPP, limits on CPU performance

Gert Doering gert at greenie.muc.de
Wed Mar 24 09:59:20 EDT 2010


Hi,

On Wed, Mar 24, 2010 at 09:24:12AM +0000, Dobbins, Roland wrote:
> Not so with iACLs, given that it's going to be relatively small and also relatively static.

For backbone-facing interfaces, I fully agree.  

But you are completely ignoring customer-facing interfaces - we're (mostly)
a hosting provider today.  Customer interfaces have IP addresses, and 
there's no way to have them all come from a well-defined range (as 
customers are very often directly connected, and customer A might use 
a /29, customer B a /27 and customer C a /24).

So rACLs and/or CoPP is what we need to use.

(Of course we have iACLs on the network borders, for the core- and
external-facing stuff, but that's just not all of the IP addresses
tacked to the routers...)

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
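
The argument in the message above, worked through as an added example (not part of the original post): router addresses drawn from one dedicated infrastructure block collapse to a single static ACL entry, while router addresses inside scattered customer subnets need one host entry each, and every new customer changes the list. All prefixes, the infrastructure block and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample data (RFC 1918 / documentation ranges), not from the post.
INFRA_BLOCK = "10.255.0.0/16"      # assumed dedicated backbone/loopback range
BACKBONE_IFACES = ["10.255.0.1/32", "10.255.0.2/32", "10.255.1.1/30",
                   "10.255.1.5/30", "10.255.1.9/30"]
# Router's own address inside each directly connected customer subnet.
CUSTOMER_IFACES = ["192.0.2.1/29", "198.51.100.33/27", "203.0.113.1/24"]


def protect_entries(ifaces, infra_blocks=()):
    """Destination prefixes an ACL must list to cover the router's addresses."""
    blocks = [ipaddress.ip_network(b) for b in infra_blocks]
    entries = set()
    for iface in ifaces:
        addr = ipaddress.ip_interface(iface).ip
        covering = next((b for b in blocks if addr in b), None)
        if covering is None:
            # Outside the infrastructure range only the router's host address
            # can be matched: the rest of the subnet belongs to the customer.
            covering = ipaddress.ip_network(str(addr))
        entries.add(covering)
    return sorted(ipaddress.collapse_addresses(entries))


def acl_change(ifaces, new_iface, infra_blocks=()):
    """Entries that have to be added when one more interface is provisioned."""
    before = set(protect_entries(ifaces, infra_blocks))
    after = set(protect_entries(list(ifaces) + [new_iface], infra_blocks))
    return sorted(after - before)


if __name__ == "__main__":
    blocks = [INFRA_BLOCK]
    print("backbone :", protect_entries(BACKBONE_IFACES, blocks))
    print("customer :", protect_entries(CUSTOMER_IFACES, blocks))
    print("new link :", acl_change(BACKBONE_IFACES, "10.255.1.13/30", blocks))
    print("new cust :", acl_change(CUSTOMER_IFACES, "198.51.100.65/28", blocks))
```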