On May 21, 2014, at 9:31 PM, Roland Dobbins <rdobb...@arbor.net> wrote:
> > On May 22, 2014, at 8:11 AM, Charles Sprickman <sp...@bway.net> wrote: > >> It seems unwise (and complicated) to add an ingress flow statement on every >> subinterface. > > How is it unwise and complicated? Complicated in that we have hundreds of interfaces. Unwise in that my gut tells me enabling it on hundreds of subscriber interfaces is going to exhaust some resource that I’m not aware of. That’s probably just paranoia, but without knowing the inner workings of the platform I can’t really say. > Enable it, it's done. Simple. > >> If I could just add an “ingress” and “egress” statement to each of my two >> transit connections, that seems more ideal. Is this something I should >> *not* do on modern hardware? > > Check with Cisco - it's caused issues on other platforms in the past. > > But I don't understand your rationale for not wanting visibility into all > your traffic passing through the routers in question. You don't want > traceback for outbound/crossbound traffic emanating from your subscribers? That’s just it - it’s not “routers”, but a single router with two transit connections and a bunch of subs. I’m only concerned with looking at traffic to/from the internet, not any inter-subscriber traffic. If we were larger and had a need for a “core” and “edge” and I only wanted to look at transit traffic, I can see the ingress-only recommendation being quite simple. Thanks, Charles > ---------------------------------------------------------------------- > Roland Dobbins <rdobb...@arbor.net> // <http://www.arbornetworks.com> > > Equo ne credite, Teucri. > > -- Laocoön > > > _______________________________________________ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/