[c-nsp] CSCuy29638 - MPLS (for IPv4) Brokenness Fixed - ASR920
Saku Ytti
saku at ytti.fi
Fri Aug 5 11:05:01 EDT 2016
On 5 August 2016 at 16:01, Gert Doering <gert at greenie.muc.de> wrote:
> I'm not sure about *this* interface wedge bug, but if it's similar to the
> original one, if your CoPP policer lets even 1% of the packets through,
> you're still toast - just slower. With NTP, of course you have permit
> rules in your CoPP config, so depending on which NTP servers you talk
> to, nastygrams can still arrive...
Not all packets cause the wedge. If your CoPP allows NTP from your
configured NTP servers, but not from others, you're fine. I.e.
reasonable CoPP, allow what you must, drop rest.
> (OTOH if you have a CoPP rule that says "drop all that might be harmful",
> I'm all ears)
--
++ytti
More information about the cisco-nsp
mailing list