[c-nsp] Stopping MLD responses & protecting CPU from MLD queries

Phil Mayers p.mayers at imperial.ac.uk
Thu Jan 26 11:41:53 EST 2017


On 26/01/2017 16:08, Saku Ytti wrote:
> On 26 January 2017 at 13:54, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
>
> Hey,
>
>> Worth noting that CoPP on sup720 is done in software for multicast and
>> broadcast. I assume it'll come before MLD processing so would stop the
>> queries arriving and thus replies being sent, but worth testing.
>>
>> Although this is not the use-case OP has, we have tried and failed to
>> protect a sup720 from an MLD storm with CoPP. The puny CPU and software CoPP
>> just didn't help.
>
> If you do not allow MCAST on CoPP, you will software process. If you
> allow MCAST in CoPP and MLS rate-limit, you can drop them in HW.

Box-wide though, right? No way to only do this on the IXP interface with 
MLS RL.


More information about the cisco-nsp mailing list