From: azhar mumtaz (azharmumtaz2000@yahoo.com)
Date: Wed Dec 12 2007 - 13:05:46 ART
Hi Everyone:
I have few questions for you. I will appreciate if you
could please provide some feedback.
1)If we have to prevent DOS attack in BGP . Lets say
we have a specific route on R1 with a defined
community and we are advertising it to our ibgp
neighbors, R2 and R3. R2 and R3 will recieve this
specific community and we want to limit the rate-limit
the traffic to 256000 bps on R2 and R3. How can we do
it.
I do know about black-holing techique, but in this
case we want to rate limit the traffic.
I am reading the following document but not sure if
this is the right approach
Configuring QoS Policy Propagation via Border Gateway
Protocol
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_c/fqcprt1/qcfprop.htm#wp1001177
2)If we have to configure a router to send an SNMP
trap if the CPU usage is 50 percent. We need to send
the trap to a particular host lets say 1.2.3.4 with a
community string CISCO
snmp-server host 1.2.3.4 traps CISCO
snmp-server enable traps cpu threshold
But I am not able to find out an option where I can
configure the value 50 percent. On CCO, I found the
following option, please let me know if I am wrong
process cpu threshold type {total | process |
interrupt} rising percentage interval seconds [falling
percentage interval seconds]
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_4/gt_cput.htm
3) RATE-LIMIT:
If we have to rate-limit the traffic to 512 kbps with
minimum burst, do we have to configure be and bc as 0
or do we have to configure bc as 1.5*512 and be as
2*bc
Best Regards
Azhar
____________________________________________________________________________________
Looking for last minute shopping deals?
Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping
This archive was generated by hypermail 2.1.4 : Tue Jan 01 2008 - 12:04:30 ARST