On 1/31/14, 7:08 AM, Chuck Anderson wrote: > On Thu, Jan 30, 2014 at 10:58:05PM -0800, joel jaeggli wrote: >> http://tools.ietf.org/search/rfc6192 >> >> has an excellent example recipie for juniper and cisco control-plane >> protection. >> >> it's a good starting off point and it covers the rational behind the >> various elements in detail. > > "o Permit all other IPv4 and IPv6 traffic that was not explicitly > matched in a class above, rate-limited to 500 kbps, and drop above > that rate for each category" > > Why would one want a default-allow policy, even rate-limited, for the > control-plane?
traceroute. > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp