 |
 |
|||||||||||||||||||
|
||||||||||||||||||||
|
Re: how to priority for important packet on FR link ? posted 12/06/2002
|
notFrom: "Joe Wong" <vr2zjw@xxxxxxxxxxx> To: "li jun" <liuyang1976@xxxxxxxxxxx>,<security@xxxxxxxxxxxxxx> Subject: Re: how to priority for important packet on FR link ? Date: Fri, 6 Dec 2002 17:44:28 +0800
How about:
A access-list to identify the TCP with SYN flag
acceess-list 120 deny tcp any any established accesss-list 120 permit tcp any any rate-limit input access-group 120 800000 8000 8000 conform-action transmit exceed-action drop
Since the access-list capture the TCP SYN packet only, other traffic is
theyaffected. ----- Original Message ----- From: "li jun" <liuyang1976@xxxxxxxxxxx> To: <security@xxxxxxxxxxxxxx> Sent: Friday, December 06, 2002 2:47 PM Subject: how to priority for important packet on FR link ?
> Cisco guys and security exper,
>
> I have a question need your help
>
> my customer have a internet router, use Frame Relay link to outside.
> find there has some TCP flooding packet attack their router FRinterface,
> then want to use CAR to limit the attack packet. at the same time, theythe
> want to guarantee the VoIP, OSPF routing packet, BGP routing packet won
not
> be affect and no delay. how should we do?
>
> I try this
> 1. CAR the TCP flooding attack to 800K
> 2. Since VoIP, OSPF, BGP's PRI is 5 by default. so I just set CBWFQ on
> router to make sure VoIP, OSPF, BGP flow go through without delay.shapping?
>
>
> anything do I need to do? Do I need to do Frame Relay traffic
> thanks in advance > > regs/li jun > > > > > _________________________________________________________________ > Cb7QOBTX MSN Explorer: http://explorer.msn.com/lccn >
