[c-nsp] Sup720 CoPP, limits on CPU performance
Rodney Dunn
rodunn at cisco.com
Wed Mar 24 22:39:35 EDT 2010
You want a feature that puts every /32 receive fib entry as a "drop" or
have it a per interface configurable option?
Or have a global default that rate limits to that /32 entry in the punt
path...
Rodney
On 3/24/10 10:37 AM, Dobbins, Roland wrote:
>
> On Mar 24, 2010, at 9:34 PM, Drew Weaver wrote:
>
>> I've heard of a particular hosting provider that blocks traffic ingress to gateways, network and broadcast addresses assigned to customer 'connected' interfaces at their edge using scripts, etc but this type of thing doesn't seem like it would scale very well.
>
> Perl is your friend.
>
> ;>
>
>> It seems like it may make more sense to see if there could be a command added to IOS that denotes these VLANs or Physical interfaces as customer interfaces that tells it to protect the switch from traffic hitting these ports, but then again nothing is ever that easy.
>
> And that's precisely what Gert is talking about when he says he wants an automagic CoPP.
>
> -----------------------------------------------------------------------
> Roland Dobbins<rdobbins at arbor.net> //<http://www.arbornetworks.com>
>
> Injustice is relatively easy to bear; what stings is justice.
>
> -- H.L. Mencken
>
>
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list