[j-nsp] Network-control queue counter increases on ccc-configured interface

Saku Ytti saku at ytti.fi
Thu Jan 26 14:00:44 EST 2012


On (2012-01-26 13:47 -0500), Keegan Holley wrote:
 
> The 6509 and the other L3 switch platforms (not sure about the nexus)
> come to mind here.  Not sure about the CRS and ASR-9k though.

If you do 'mls qos' you magically turn on classification and scheduling in
a single command, but that is not the default.

> I agree it's best practice to control it.  I was just saying it's not
> much of an attack vector.

I'm less confident.

> You can't not touch and not trust traffic at the same time.  You trust
> it, in which case you're doing the same thing you suggest the OP

I mean don't touch and don't trust TOS; never use it for anything. Always
colour EXP/802.1p and trust them.

> You can always re-write the QOS bits incoming no matter what protocol you use.

Yes, but if you use MPLS, you can do QoS without mangling TOS.

-- 
  ++ytti

