[c-nsp] Sup720 CoPP, limits on CPU performance
Rodney Dunn
rodunn at cisco.com
Wed Mar 24 22:44:30 EDT 2010
While we were crafting the first COPP draft for OPSEC we did have a lot
of debate about how/if/when we could couple COPP with iACL's. Our
decision was to keep it minimalistic and simplistic to "Router Control
Plane Protection" aka: COPP for the illustration.
I was thinking that a good iACL Informational would be good and it was
mentioned in the WG meeting last night again.
I saw this:
http://tools.ietf.org/wg/opsec/draft-ietf-opsec-infrastructure-security/
I'm not sure why it didn't move further. I'll see what I can find out.
Rodney
On 3/24/10 10:13 AM, Gert Doering wrote:
> Hi,
>
> On Wed, Mar 24, 2010 at 01:18:47PM +0000, Dobbins, Roland wrote:
>> Note that the default gateway will be drawn from the access netblockss, not the infrastructure netblocks covered by the iACL.
>
> Now we're talking. I assumed that you wanted to include *all* IP addresses
> configured on routers in the iACL - and that's quite impractical.
>
> ... and this is why I want "properly-implemented" rACLs and/or CoPP, to
> protect those IP addresses that can't be put in iACLs.
>
> gert
>
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list