[c-nsp] Stopping MLD responses & protecting CPU from MLD queries
Saku Ytti
saku at ytti.fi
Thu Jan 26 11:08:28 EST 2017
On 26 January 2017 at 13:54, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
Hey,
> Worth noting that CoPP on sup720 is done in software for multicast and
> broadcast. I assume it'll come before MLD processing so would stop the
> queries arriving and thus replies being sent, but worth testing.
>
> Although this is not the use-case OP has, we have tried and failed to
> protect a sup720 from an MLD storm with CoPP. The puny CPU and software CoPP
> just didn't help.
If you do not allow MCAST on CoPP, you will software process. If you
allow MCAST in CoPP and MLS rate-limit, you can drop them in HW.
--
++ytti
More information about the cisco-nsp
mailing list