OS10 Enterprise Edition User Guide Release 10.4.1.0

PDF

Control-plane policing

Control-plane policing (CoPP) increases security on the system by protecting the route processor from unnecessary traffic and giving priority to important control plane and management traffic. CoPP uses a dedicated control plane configuration through the QoS CLIs to set rate-limiting capabilities for control plane packets.

If the rate of control packets towards the CPU is higher than the packet rate that the CPU can handle, CoPP provides a method to selectively drop some of the control traffic so that the CPU can process high-priority control traffic. You can use CoPP to rate-limit traffic through each CPU port queue of the network processor (NPU).

CoPP applies policy actions on all control-plane traffic. The control-plane class map does not use any match criteria. To enforce rate-limiting or rate policing on control-plane traffic, create policy maps. You can use the control-plane command to attach the CoPP service policies directly to the control-plane.

The default rate limits apply to 12 CPU queues and the protocols mapped to each CPU queue. The control packet type to CPU ports control queue assignment is fixed. The only way you can limit the traffic towards the CPU is choose a low priority queue, and apply rate-limits on that queue to find a high rate of control traffic flowing through that queue.

By default CoPP traffic towards the CPU is classified into different queues as shown in the following table.

Table 1. CoPP queues. CoPP queues
Queue Protocol

0

IPv6

1

 

2

IGMP

3

VLT, NDS

4

ICMPv6, ICMPv4

5

ARP Requet, ICMPV6-RS-NS, ISCSI snooping, ISCSI-COS

6

ICMPv6-RA-NA, SSH, TELNET,TACACS, NTP,FTP

7

RSTP,PVST, MSTP,LACP

8

Dot1X,LLDP, FCOE-FPORT

9

BGPv4, OSPFv6

10

DHCPv6, DHCPv4, VRRP

11

OSPF Hello, OpenFlow

See show control-plane info for information on the current protocol to queue mapping and the rate-limit configured per queue.


Rate this content

Accurate
Useful
Easy to understand
Was this article helpful?
0/3000 characters
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please select whether the article was helpful or not.
  Comments cannot contain these special characters: <>()\