[45114] in North American Network Operators' Group
Re: Growing DoS attacks
daemon@ATHENA.MIT.EDU (Vincent Gillet)
Thu Jan 17 09:33:35 2002
Date: Thu, 17 Jan 2002 15:32:21 +0100
From: Vincent Gillet <vgi@zoreil.com>
To: Joe Abley <jabley@automagic.org>
Cc: nanog@merit.edu
Message-ID: <20020117143221.GE10536@opentransit.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
In-Reply-To: <20020117092210.W5577@buffoon.automagic.org>
Errors-To: owner-nanog-outgoing@merit.edu
jabley@automagic.org disait :
> > rate-limite and/or traffic filtering may be available on some
> > box (GSR) but cannot run concurently with other feature (NetFlow).
>
> I seem to have just found out that ACLs and sampled NetFlow can
> both be configured concurrently on routers running IOS >= 12.0(18)S.
All can be configured concurently .... but you have a message
from line card that Netflowx has been stopped because another feature
is activated.
Below is feedback i received from Cisco :
1. There is no incompatibilities on E0,1,3,4 but some features are not
available on some E
2. For E2 in 17S, here are the priorities:
ACLs
SNF
PIRC
IP Coloring
BGP Policy accounting
FR Traffic policing which is not FR traffic shaping
Beside, output ACL are done at ingress (before forwarding),
thus output ACL activate input filtering on all LC ...
Vincent.
