[j-nsp] MX480 RE-S-2000 IGMP flood
joel jaeggli
joelja at bogus.com
Fri Jan 31 10:22:39 EST 2014
On 1/31/14, 7:08 AM, Chuck Anderson wrote:
> On Thu, Jan 30, 2014 at 10:58:05PM -0800, joel jaeggli wrote:
>> http://tools.ietf.org/search/rfc6192
>>
>> has an excellent example recipie for juniper and cisco control-plane
>> protection.
>>
>> it's a good starting off point and it covers the rational behind the
>> various elements in detail.
>
> "o Permit all other IPv4 and IPv6 traffic that was not explicitly
> matched in a class above, rate-limited to 500 kbps, and drop above
> that rate for each category"
>
> Why would one want a default-allow policy, even rate-limited, for the
> control-plane?
traceroute.
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 308 bytes
Desc: OpenPGP digital signature
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20140131/0bc2bd22/attachment.sig>
More information about the juniper-nsp
mailing list