On Dec 6, 2023, at 17:46, Gert Doering wrote:
I'd argue that the DNS folks recommend using EDNS0 with 1232 bytes, which
works just fine to avoid fragments...
Of course, the last true Internet flag day was in 1994, flag days aren’t
possible anymore, & this is far from universally implemented.
On Dec 6, 2023, at 04:45, Gert Doering via cisco-nsp
wrote:
deny ipv4 any any fragments
This is approach is generally contraindicated, as it tends to break EDNS0, &
DNSSEC along with it.
If the target is a broadband access network, you can use flow telemetry to
measure normal rates of
On 2 Oct 2023, at 17:10, Hank Nussbacher
mailto:h...@interall.co.il>> wrote:
cache timeout inactive 15
Kentik recommends 15s:
This is an old, out-of-date recommendation from Cisco should be retired.
5s is plenty of time for inactive flows.
___
On 2 Oct 2023, at 13:13, Hank Nussbacher via cisco-nsp
mailto:cisco-nsp@puck.nether.net>> wrote:
Does this make sense to go 1:1 which will only increase the number of Netflow
record to export? Everyone that does 1:1000 or 1:1 sampling, do you also
seen a discrepancy between Netflow
