[j-nsp] Network-control queue counter increases on ccc-configured interface
Saku Ytti
saku at ytti.fi
Thu Jan 26 14:00:44 EST 2012
On (2012-01-26 13:47 -0500), Keegan Holley wrote:
> The 6509 and the other L3 switch platforms (not sure about the nexus)
> come to mind here. Not sure about the CRS and ASR-9k though.
If you do 'mls qos' you magically turn on classification and scheduling in
a single command, but that is not the default.
> I agree it's best practice to control it. I was just saying it's not
> much of an attack vector.
I'm less confident.
> You can't not touch and not trust traffic at the same time. You trust
> it, in which case you're doing the same thing you suggest the OP
I mean don't touch and don't trust TOS, never use it for anything, always
colour EXP/802.1p and trust them.
> You can always re-write the QOS bits incoming no matter what protocol you use.
Yes, but if you use MPLS, you can do QoS without mangling TOS.
--
++ytti