Skip to main content

Filtering and Rate Limiting Capabilities for IP Network Infrastructure

Document Type Expired Internet-Draft (opsec WG)
Expired & archived
Author Chris Morrow
Last updated 2015-10-14 (Latest revision 2007-07-13)
RFC stream Internet Engineering Task Force (IETF)
Intended RFC status Best Current Practice
Additional resources Mailing list discussion
Stream WG state WG Document
Document shepherd (None)
IESG IESG state Expired (IESG: Dead)
Action Holders
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD Ron Bonica
Send notices to,,

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


[RFC4778] lists operator practices related to securing networks. This document lists filtering and rate limiting capabilities needed to support those practices. Capabilities are limited to filtering and rate limiting packets as they enter or leave the device. Route filters and service specific filters (e.g. SNMP, telnet) are not addressed. Capabilities are defined without reference to specific technologies. This is done to leave room for deployment of new technologies that implement the capability. Each capability cites the practices it supports. Current implementations that support the capability are cited. Special considerations are discussed as appropriate listing operational and resource constraints, limitations of current implementations, trade-offs, etc.


Chris Morrow

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)