[j-nsp] MX480 RE-S-2000 IGMP flood

joel jaeggli joelja at bogus.com
Fri Jan 31 10:22:39 EST 2014


On 1/31/14, 7:08 AM, Chuck Anderson wrote:
> On Thu, Jan 30, 2014 at 10:58:05PM -0800, joel jaeggli wrote:
>> http://tools.ietf.org/search/rfc6192
>>
>> has an excellent example recipie for juniper and cisco control-plane
>> protection.
>>
>> it's a good starting off point and it covers the rational behind the
>> various elements in detail.
> 
>   "o  Permit all other IPv4 and IPv6 traffic that was not explicitly
>       matched in a class above, rate-limited to 500 kbps, and drop above
>       that rate for each category"
> 
> Why would one want a default-allow policy, even rate-limited, for the
> control-plane?

traceroute.

> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 308 bytes
Desc: OpenPGP digital signature
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20140131/0bc2bd22/attachment.sig>


More information about the juniper-nsp mailing list