Growing DoS attacks
jabley at automagic.org
Thu Jan 17 14:36:33 UTC 2002
On Thu, Jan 17, 2002 at 03:32:21PM +0100, Vincent Gillet wrote:
> jabley at automagic.org said:
> > > rate-limiting and/or traffic filtering may be available on some
> > > boxes (GSR) but cannot run concurrently with other features (NetFlow).
> > I seem to have just found out that ACLs and sampled NetFlow can
> > both be configured concurrently on routers running IOS >= 12.0(18)S.
> All can be configured concurrently ... but you have a message
> from the line card that Netflowx has been stopped because another feature
> is activated.
Right. That is the behaviour that I have been led to believe
no longer happens past 12.0(18)S; supposedly, on 12.0(18)S and
greater, ACL and SNF can both be configured concurrently such
that both features work concurrently.
If you know different, I would love to hear about it :)
> Below is feedback I received from Cisco:
> 1. There are no incompatibilities on E0,1,3,4 but some features are not
> available on some E
> 2. For E2 in 17S, here are the priorities:
> IP Coloring
> BGP Policy accounting
> FR Traffic policing which is not FR traffic shaping
> Besides, output ACLs are done at ingress (before forwarding),
> thus output ACLs activate input filtering on all LCs ...
That gels nicely with what I have been told; an input ACL on
an interface disables SNF on that interface, while an output ACL
on any interface disables SNF on the entire router.