On (2012-11-26 16:13 +0100), Adam Vitkovsky wrote: > >In PFC3 CoPP your ISIS will hit 'class-default' and you can't discriminate > good or bad ISIS there. > Right but one should be able to limit that to a reasonable pps rate right?
Sure. But obviously only if you don't run ISIS. If you actually do run ISIS, it's extremely silly notion, same as downgrading your control-plane CPU. Also if you use 'class-default' anywhere in PFC3, you eat away your superman label lookup capability, end result is VPN-CAM cannot be used and your L3 MPLS VPN traffic is always recirculated (not really that big of a deal for most) So you should avoid it, if you can, and instead use something like 'class IP' which is ACL 'any any'. -- ++ytti _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
