[c-nsp] Nexus 7k CoPP
Dobbins, Roland
rdobbins at arbor.net
Mon May 24 00:09:03 EDT 2010
On May 24, 2010, at 10:55 AM, Lincoln Dale wrote:
> actually, CoPP is not hard as such because if anything you don't have to be specific as to what the 'destination' is, since its only ever matching against traffic already destined to control-plane,
Sure, but you must do it for *every device*, whereas iACLs can be deployed only at one's edges.
I definitely recommend starting out with what's effectively a permit/deny rACL-equivalent for CoPP, then becoming more and more specific later, as more operational experience is gained.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Injustice is relatively easy to bear; what stings is justice.
-- H.L. Mencken
More information about the cisco-nsp
mailing list