On (2010-03-25 13:42 -0400), Tim Durack wrote: > But it's fixed, right? > CSCed75920 says: > Fixed-In > 12.2(17d)SXB1 > 12.2(18)SXD > > (I really want to police all ip at the end of my CoPP policy, and the > mls glean rate-limiter appears to allow me to do that.) I tried to reproduce the issue and failed, so it is fixed for about 6 years I guess. Also the CoPP profile I described in the first reply to OP I've been running since 2006 on close to 100 boxes without any changes to the rules, so it definitely is feasible in real-life network to run such policy.
Policy was tested against 30Mpps DoS (2x10GE) with numerous different attack vectors, only attack vectors which did work were IS-IS and IXP attack. During all other attacks IS-IS, LDP and iBGP stayed up and CLI responsiveness didn't change, only way to see that attack was going on was to check counters. -- ++ytti _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
