On Oct 8, 2009, at 5:32 AM, Marcus.Gerdon wrote:

The ever more widespread abuse of traceroute (before someone starts arguing: yes, I call permanent use of mtr and the like for end-user pseudo-monitoring 'network abuse') is something you'll be forced into limiting to protect your network at some point in time despite the complaints of some customers not understanding the technology behind it.

Oh, my comments weren't intended to say you shouldn't rate-limit TTL, only that there needs to be user/other network admin education along with the change so that people don't use traceroute to try to prove a nonexistent problem. Probably a bigger deal for ISPs; I know we have routers that I am confident will show drops on any given traceroute during peak times.

On Oct 9, 2009, at 9:16 AM, Jared Mauch wrote:

There are a lot of rate-limiters available, check out 'show mls rate-limit' on your Earl7 (76k, ie: (65|76)00) based device. Set them low to avoid problems. I find 100/10 works well.

One note here is that I believe there's only 8 or so hardware rate limiters available, so you'll probably run into issues if you try and use more. Probably not a concern for most, but if you're doing a lot of different rate-limiters, it may impact you.

Bob
_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
