[c-nsp] Stopping MLD responses & protecting CPU from MLD queries

Phil Mayers p.mayers at imperial.ac.uk
Fri Jan 27 10:07:11 EST 2017


On 27/01/2017 14:04, adamv0025 at netconsultings.com wrote:
>> Saku Ytti
>> Sent: Thursday, January 26, 2017 4:51 PM
>>
>> On 26 January 2017 at 18:41, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
>>
>>> Box-wide though, right? No way to only do this on the IXP interface
>>> with MLS RL.
>>
>> Unfortunately no. I guess per DFC should be possible, unsure if it's
>> supported.
>>
> Should be possible to have one rate-limiter for MLD messages sourced from
> infrastructure addresses and other rate-limiter for MLD messages sourced
> from any other addresses, right?

Well... no. MLS rate-limiters they are a single box-global value. You 
can't distinguish between sources - you need to use CoPP for that which 
is mutually exclusive with MLS RLs on that platform.


More information about the cisco-nsp mailing list