Still wont protect against the next buffer overflow in ntpd :(
Sent from a mobile device
> On 3 Aug 2014, at 3:40, Daniel Suchy wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> LPTS limits (in hardware) ammount of packets from (each) linecard to
> LC/RP CPU - with combination wit
List,
There's a document that's open for editing (at least for now) with a
few sections of handy cli aliases the list may find useful; I'm
assuming the vast majority of this list don't interactively log in to
a router or have fully adopted sdn-centric management approaches, but
for the rare times
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
LPTS limits (in hardware) ammount of packets from (each) linecard to
LC/RP CPU - with combination with service ACL you mentioned before can
be service reasonably protected against misuse.
On 2.8.2014 18:58, Gert Doering wrote:
> Hi,
>
> On Sat, Aug 0
Hi,
On Sat, Aug 02, 2014 at 07:40:34PM +0200, Daniel Suchy wrote:
> LPTS limits (in hardware) ammount of packets from (each) linecard to
> LC/RP CPU - with combination with service ACL you mentioned before can
> be service reasonably protected against misuse.
Understood. Still doesn't explain wh
Hi,
On Sat, Aug 02, 2014 at 06:03:51PM +0200, Daniel Suchy wrote:
> Hello,
> this should help:
>
> lpts pifib hardware police
> flow ntp default rate 0
>
> Configured ntp servers uses "flow ntp known". There're many other HW
> ratelimiters.
It does "something", but that is not "do not answer",
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello,
this should help:
lpts pifib hardware police
flow ntp default rate 0
Configured ntp servers uses "flow ntp known". There're many other HW
ratelimiters.
With regards,
Daniel
On 2.8.2014 17:27, Gert Doering wrote:
> Hiya,
>
> I'm confused.
Hiya,
I'm confused. I have this new and shiny ASR9001 with IOS XR on it, with
supposedly totally superior local services access control, and stuff.
So, I configure:
control-plane
management-plane
inband
interface all
allow all peer
address ipv4 1.1.1.0/24
address ipv6 2001:1
Hi,
The 'preempt delay' element means that it won't go active for xxx seconds _if_
there is a lower priority instance already visible. However - if the other
instance is _not_ visible, then it goes active immediately.
In your case, I suspect there was a layer-2 adjacency issue (maybe an STP
re
Are you using any ACL filtering on the VLAN if so is udp port 1985 permitted ?
Jey S.
Network Engineer
CCIE #41608
Sent from my iPhone
> On 2 Aug 2014, at 11:48, Gert Doering wrote:
>
> Hi,
>
>> On Fri, Aug 01, 2014 at 04:16:04PM -0400, Randy wrote:
>> PRIMARY ROUTER VLAN X:
>> standby version
Hi,
On Fri, Aug 01, 2014 at 04:16:04PM -0400, Randy wrote:
> PRIMARY ROUTER VLAN X:
> standby version 2
> standby 0 ip x.x.x.x
> standby 0 priority 150
> standby 0 preempt delay minimum 600
This is what we use, and it used to work fine.
Test it... "debug standby terse" and then shu/noshu o
Hi,
Sure 802.17 RPR is meant to supersede the STP for loop avoidance, faster
convergence and better BW efficiency.
However in order to deploy it all nodes in the ring have to support it.
All ME series switches should support it.
Though I'd recommend upgrading the kit to MPLS capable ME switches
11 matches
Mail list logo