[c-nsp] Sup720 CoPP, limits on CPU performance
Gert Doering
gert at greenie.muc.de
Wed Mar 24 09:59:20 EDT 2010
Hi,
On Wed, Mar 24, 2010 at 09:24:12AM +0000, Dobbins, Roland wrote:
> Not so with iACLs, given that it's going to be relatively small and also relatively static.
For backbone-facing interfaces, I fully agree.
But you are completely ignoring customer-facing interfaces - we're (mostly)
a hosting provider today. Customer interfaces have IP addresses, and
there's no way to have them all come from a well-defined range (as
customer are very often directly connected, and customer A might use
a /29, customer B a /27 and customer C a /24).
So rACLs and/or CoPP is what we need to use.
(Of course we have iACLs on the network borders, for the core- and
external-facing stuff, but that's just not all of the IP addresses
tacked to the routers...)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 305 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20100324/d823ca96/attachment.bin>
More information about the cisco-nsp
mailing list