[c-nsp] Need help with IPv6 CoPP

Adam Vitkovsky adam.vitkovsky at swan.sk
Tue May 7 03:31:28 EDT 2013


Hi Rolf
That's right OSPF has many built in mechanisms to handle excessive traffic
in either incoming or outgoing direction. 
Check out: 
ignore
limit
max-lsa
queue-depth
timers
ttl-security

As regards to CoPP. 
OSPFv3 should be using addresses from FF02 Multicast link-local address
sub-range: 
FF02::5 all OSPF routers
FF02::6 all OSPF designated routers
So you should be able to limit the permit range to these two. 


adam

-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
Dobbins, Roland
Sent: Monday, May 06, 2013 6:51 PM
To: cisco-nsp NSP
Subject: Re: [c-nsp] Need help with IPv6 CoPP


On May 6, 2013, at 11:11 PM, Rogelio Gamino wrote:

> At that stage, neighbors agree on Master/Slave relationship before moving
to "exchange" DBD's.

Unless you're doing OSPF with an external organization and anticipate an
attack (either deliberate or inadvertent) from the adjacent router(s), why
not leave OSPF out of it entirely, and instead concentrate on traffic which
is layer-3-agile?

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton


_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list