Mailing List Archive

Hey Nick--

Kept silent hoping someone on the list pointed you in the right direction. You get any help from the rest of the world?

--Dave Peters
________________________________
From: foundry-nsp [foundry-nsp-bounces@puck.nether.net] on behalf of Nick Adams [nick@ramnode.com]
Sent: Monday, March 14, 2016 10:38 AM
To: foundry-nsp@puck.nether.net
Subject: [f-nsp] MLX ICMPv6 Rate-limit

Hello,

Does anyone know a way to rate-limit inbound ICMPv6 on an MLX / XMR?

Regards,

Nick Adams
RamNode - CEO
nick@ramnode.com<mailto:nick@ramnode.com>
Skype: RamNode

Hi Dave,



Nothing so far. I hope that doesn't indicate we're out of luck.



Regards,



Nick Adams

RamNode - CEO

<mailto:nick@ramnode.com> nick@ramnode.com

Skype: RamNode



From: Dave Peters - Terabit Systems [mailto:Dave@terabitsystems.com]
Sent: Tuesday, March 15, 2016 12:31 PM
To: Nick Adams <nick@ramnode.com>; foundry-nsp@puck.nether.net
Subject: RE: [f-nsp] MLX ICMPv6 Rate-limit



Hey Nick--

Kept silent hoping someone on the list pointed you in the right direction.
You get any help from the rest of the world?

--Dave Peters

_____

From: foundry-nsp [foundry-nsp-bounces@puck.nether.net] on behalf of Nick
Adams [nick@ramnode.com]
Sent: Monday, March 14, 2016 10:38 AM
To: foundry-nsp@puck.nether.net <mailto:foundry-nsp@puck.nether.net>
Subject: [f-nsp] MLX ICMPv6 Rate-limit

Hello,



Does anyone know a way to rate-limit inbound ICMPv6 on an MLX / XMR?



Regards,



Nick Adams

RamNode - CEO

nick@ramnode.com <mailto:nick@ramnode.com>

Skype: RamNode

It looks like there is support for ipv6 acl-based rate-limiting,
although I have never tried it. Something like:

ipv6 access-list testv6acl
permit icmp any any

int e 1/1
rate-limit input access-group name ipv6 testv6acl

might work.

Be sure to check the long list of exclusions and caveats in the
"traffic management configuration guide" (ie. only on physical
interfaces, need to run ipv6 rebind-acl after changes, etc).

--
Eldon Koyle


On Tue, Mar 15, 2016 at 10:42 AM, Nick Adams <nick@ramnode.com> wrote:
> Hi Dave,
>
>
>
> Nothing so far. I hope that doesn’t indicate we’re out of luck.
>
>
>
> Regards,
>
>
>
> Nick Adams
>
> RamNode - CEO
>
> nick@ramnode.com
>
> Skype: RamNode
>
>
>
> From: Dave Peters - Terabit Systems [mailto:Dave@terabitsystems.com]
> Sent: Tuesday, March 15, 2016 12:31 PM
> To: Nick Adams <nick@ramnode.com>; foundry-nsp@puck.nether.net
> Subject: RE: [f-nsp] MLX ICMPv6 Rate-limit
>
>
>
> Hey Nick--
>
> Kept silent hoping someone on the list pointed you in the right direction.
> You get any help from the rest of the world?
>
> --Dave Peters
>
> ________________________________
>
> From: foundry-nsp [foundry-nsp-bounces@puck.nether.net] on behalf of Nick
> Adams [nick@ramnode.com]
> Sent: Monday, March 14, 2016 10:38 AM
> To: foundry-nsp@puck.nether.net
> Subject: [f-nsp] MLX ICMPv6 Rate-limit
>
> Hello,
>
>
>
> Does anyone know a way to rate-limit inbound ICMPv6 on an MLX / XMR?
>
>
>
> Regards,
>
>
>
> Nick Adams
>
> RamNode - CEO
>
> nick@ramnode.com
>
> Skype: RamNode
>
>
>
>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp@puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
_______________________________________________
foundry-nsp mailing list
foundry-nsp@puck.nether.net
http://puck.nether.net/mailman/listinfo/foundry-nsp

Thank you - that was helpful!

Regards,

Nick Adams
RamNode - CEO
nick@ramnode.com
Skype: RamNode

-----Original Message-----
From: foundry-nsp [mailto:foundry-nsp-bounces@puck.nether.net] On Behalf Of Eldon Koyle
Sent: Tuesday, March 15, 2016 4:02 PM
To: foundry-nsp <foundry-nsp@puck.nether.net>
Subject: Re: [f-nsp] MLX ICMPv6 Rate-limit

It looks like there is support for ipv6 acl-based rate-limiting, although I have never tried it. Something like:

ipv6 access-list testv6acl
permit icmp any any

int e 1/1
rate-limit input access-group name ipv6 testv6acl

might work.

Be sure to check the long list of exclusions and caveats in the "traffic management configuration guide" (ie. only on physical interfaces, need to run ipv6 rebind-acl after changes, etc).

--
Eldon Koyle


On Tue, Mar 15, 2016 at 10:42 AM, Nick Adams <nick@ramnode.com> wrote:
> Hi Dave,
>
>
>
> Nothing so far. I hope that doesn’t indicate we’re out of luck.
>
>
>
> Regards,
>
>
>
> Nick Adams
>
> RamNode - CEO
>
> nick@ramnode.com
>
> Skype: RamNode
>
>
>
> From: Dave Peters - Terabit Systems [mailto:Dave@terabitsystems.com]
> Sent: Tuesday, March 15, 2016 12:31 PM
> To: Nick Adams <nick@ramnode.com>; foundry-nsp@puck.nether.net
> Subject: RE: [f-nsp] MLX ICMPv6 Rate-limit
>
>
>
> Hey Nick--
>
> Kept silent hoping someone on the list pointed you in the right direction.
> You get any help from the rest of the world?
>
> --Dave Peters
>
> ________________________________
>
> From: foundry-nsp [foundry-nsp-bounces@puck.nether.net] on behalf of Nick
> Adams [nick@ramnode.com]
> Sent: Monday, March 14, 2016 10:38 AM
> To: foundry-nsp@puck.nether.net
> Subject: [f-nsp] MLX ICMPv6 Rate-limit
>
> Hello,
>
>
>
> Does anyone know a way to rate-limit inbound ICMPv6 on an MLX / XMR?
>
>
>
> Regards,
>
>
>
> Nick Adams
>
> RamNode - CEO
>
> nick@ramnode.com
>
> Skype: RamNode
>
>
>
>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp@puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
_______________________________________________
foundry-nsp mailing list
foundry-nsp@puck.nether.net
http://puck.nether.net/mailman/listinfo/foundry-nsp

_______________________________________________
foundry-nsp mailing list
foundry-nsp@puck.nether.net
http://puck.nether.net/mailman/listinfo/foundry-nsp