[c-nsp] DNS amplification
Jon Lewis
jlewis at lewis.org
Mon Mar 18 09:54:30 EDT 2013
On Mon, 18 Mar 2013, Phil Mayers wrote:
> On 03/18/2013 02:25 AM, Dobbins, Roland wrote:
>>
>> On Mar 18, 2013, at 1:40 AM, Jon Lewis wrote:
>>
>>> Cisco SNMP counters count packets before they're dropped by
>>> QoS...so all those dropped packets still "count" if you're billing
>>> by the byte.
>>
>> Same for NetFlow, except on crippled pre-Sup2T/DFC4 6500s/7600s and
>> pre-Sup7 4500s.
>
> I'm not hugely sure what QoS has to do with BCP 38, but ACL- and RPF-dropped
> flows have output interface of 0 on sup720, IME.

Not sure what I was thinking when I typed that. Either brain fart or
assumption. I suspect like 'over service-policy dropped packets', ACL/RPF
dropped packets still increment the interface/SNMP counters...so for
billing purposes, all packets count...whether they're forwarded or
dropped.

----------------------------------------------------------------------
Jon Lewis, MCP :) | I route
| therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________