Filtering and Rate Limiting Capabilities for IP Network Infrastructure

Document Type: Expired Internet-Draft (opsec WG)
Author: Chris Morrow
Last updated: 2015-10-14 (latest revision 2007-07-13)
Stream: Internet Engineering Task Force (IETF)
Expired & archived
WG state: WG Document
Document shepherd: No shepherd assigned
IESG state: Expired (IESG: Dead)
Consensus Boilerplate: Unknown
Responsible AD: Ron Bonica

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


[RFC4778] lists operator practices related to securing networks. This document lists filtering and rate limiting capabilities needed to support those practices. Capabilities are limited to filtering and rate limiting packets as they enter or leave the device. Route filters and service-specific filters (e.g. SNMP, telnet) are not addressed. Capabilities are defined without reference to specific technologies. This is done to leave room for deployment of new technologies that implement the capability. Each capability cites the practices it supports. Current implementations that support the capability are cited. Special considerations are discussed as appropriate, listing operational and resource constraints, limitations of current implementations, trade-offs, etc.


Chris Morrow (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)