Growing DoS attacks

• Previous message (by thread): Growing DoS attacks
• Next message (by thread): Growing DoS attacks
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jan 17, 2002 at 03:32:21PM +0100, Vincent Gillet wrote:
> jabley at automagic.org disait :
> 
> > > rate-limite and/or traffic filtering may be available on some
> > > box (GSR) but cannot run concurently with other feature (NetFlow).
> > 
> > I seem to have just found out that ACLs and sampled NetFlow can
> > both be configured concurrently on routers running IOS >= 12.0(18)S.
> 
> All can be configured concurently .... but you have a message
> from line card that Netflowx has been stopped because another feature
> is activated.

Right. That is the behaviour that I have been led to believe
no longer happens past 12.0(18)S; supposedly, on 12.0(18)S and
greater, ACL and SNF can both be configured concurrently such
that both features work concurrently.

If you know different, I would love to hear about it :)

> Below is feedback i received from Cisco :
> 
> 1. There is no incompatibilities on E0,1,3,4 but some features are not
> available on some E
> 2. For E2 in 17S, here are the priorities:
>     ACLs
>     SNF
>     PIRC
>     IP Coloring
>     BGP Policy accounting
>     FR Traffic policing which is not FR traffic shaping
> 
> Beside, output ACL are done at ingress (before forwarding),
> thus output ACL activate input filtering on all LC ...

That gels nicely with what I have been told; an input ACL on
an interface disables SNF on that interface, while an output ACL
on any interface disables SNF on the entire router.


Joe

• Previous message (by thread): Growing DoS attacks
• Next message (by thread): Growing DoS attacks
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]