[c-nsp] trace CoPP drops?
Gert Doering
gert at greenie.muc.de
Tue Dec 13 03:09:02 EST 2005
Hi,
since a few days, someone is hitting one of our border routers with
garbage traffic - and CoPP is nicely dropping the stuff, so the router
is not having problems.
Due to some oversights in setting up CoPP, it did cause some problems
initially (because some really "desirable" traffic ended up in the
strongly limited "drop all the rest" class), and now I'm annoyed, and
would like to figure out what exactly *is* being sent at us, to
step on some people's toes.
Software Counters:
Class-map: class-default (match-any)
48457500 packets, 5123472261 bytes
5 minute offered rate 169000 bps, drop rate 137000 bps
Match: any
police:
cir 32000 bps, bc 1500 bytes
conformed 41832525 packets, 3219802664 bytes; action: transmit
exceeded 6634684 packets, 1906137238 bytes; action: drop
conformed 32000 bps, exceed 132000 bps
so - is there any way to figure out what these "exceed 132000 bps" are?
I tried looking in netflow data for "dest interface null", and tried
looking in netflow data for "packets to ( all my router IPs )", but it
seems netflow isn't taking account of these packets...
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
More information about the cisco-nsp
mailing list