[c-nsp] IOS XR 4.3.4, control-plane policing, and NTP

Daniel Suchy danny at danysek.cz
Sat Aug 2 13:40:34 EDT 2014


LPTS limits (in hardware) the amount of packets from (each) linecard to
the LC/RP CPU - in combination with the service ACL you mentioned before,
the service can be reasonably protected against misuse.

On 2.8.2014 18:58, Gert Doering wrote:
> Hi,
> 
> On Sat, Aug 02, 2014 at 06:03:51PM +0200, Daniel Suchy wrote:
>> Hello, this should help:
>> 
>> lpts pifib hardware police flow ntp default rate 0
>> 
>> Configured ntp servers use "flow ntp known". There are many other
>> HW ratelimiters.
> 
> It does "something", but that is not "do not answer", but it slows
> incoming packets down to about 2pps or so...  but that's good
> enough for now.
> 
> Funny stuff.
> 
> gert
> 