On Wed, May 5, 2010 at 13:39, Rick Mur <rmur_at_ipexpert.com> wrote:
> For 100% separated control- and data-planes I don't think it's necessary.
... unless the network devices themselves is under attack, or more
likely, the network is having a suicide attempt (networkcide?) as
Geert described.
In any case, CoPP is one of those things that's very nice as a
concept, but you need to be very very careful when deploying and
understand what and from whom you are protecting.
Personally, I believe the feature is much more oriented towards
service provider markets, than enterprises. SP networks are usually
devoid of firewalls and traditionally there has been very little
protection of the networks itself. In enterprise networks, there is
comfort in having firewalls just about everywhere (I've even seen them
deployed as core devices :-) ).
-- Marko Milivojevic - CCIE #18427 Senior Technical Instructor - IPexpert YES! We include 400 hours of REAL rack time with our Blended Learning Solution! Mailto: markom_at_ipexpert.com Telephone: +1.810.326.1444 Fax: +1.810.454.0130 Web: http://www.ipexpert.com/ Blogs and organic groups at http://www.ccie.netReceived on Wed May 05 2010 - 14:10:06 ART
This archive was generated by hypermail 2.2.0 : Tue Jun 01 2010 - 07:09:52 ART