On 08/11/2010 17:04, Mack McBride wrote:
The lack of hardware IPv6 uRPF is an issue. I doubt this can be fixed in software.
nope, it can't. This is a hardware problem.
Properly configuring CoPP is a black art. I have done two major CoPP rollouts and there are a lot of caveats on the configuration side.
Uh, your use of "properly" here suggests that there is a "proper" way to configure CoPP on the platform. I'd suggest that there are just better and worse ways, that "better" is very subtly different from much worse, that in many cases it's hardware version dependent, and in all cases it requires that you know about how all of the various components of CoPP interact with each other (e.g. rate limiter peculiarities, vanilla CoPP, egress ACLs and glean/punt behaviour). As you say, it's quite the black art.
Nick _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
