[c-nsp] IOS XR 4.3.4, control-plane policing, and NTP
Daniel Suchy
danny at danysek.cz
Sat Aug 2 13:40:34 EDT 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
LPTS limits (in hardware) ammount of packets from (each) linecard to
LC/RP CPU - with combination with service ACL you mentioned before can
be service reasonably protected against misuse.
On 2.8.2014 18:58, Gert Doering wrote:
> Hi,
>
> On Sat, Aug 02, 2014 at 06:03:51PM +0200, Daniel Suchy wrote:
>> Hello, this should help:
>>
>> lpts pifib hardware police flow ntp default rate 0
>>
>> Configured ntp servers uses "flow ntp known". There're many other
>> HW ratelimiters.
>
> It does "something", but that is not "do not answer", but it slows
> incoming packets down to about 2pps or so... but that's good
> enough for now.
>
> Funny stuff.
>
> gert
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlPdIpAACgkQ0m6yQqKjWoJxggCeLZY+Nmtix9vQdbXJyojQtWn2
jQoAn0yaCHVrWhU+4bC0sseHXCVWQL/3
=mXdW
-----END PGP SIGNATURE-----
More information about the cisco-nsp
mailing list