[c-nsp] trace CoPP drops?

John Kristoff jtk at northwestern.edu
Tue Dec 13 21:23:34 EST 2005


On Tue, 13 Dec 2005 09:09:02 +0100
Gert Doering <gert at greenie.muc.de> wrote:

> Due to some oversights in setting up CoPP, it did cause some problems
> initially (because some really "desirable" traffic ended up in the
> strongly limited "drop all the rest" class), and now I'm annoyed, and
> would like to figure out what exactly *is* being sent at us, to
> step on some people's toes.

Unfortunately the ability to peek into what is being dropped by
CoPP is limited.  Cisco is aware of this problem, I've complained a
few times about it to people who can do something about it and I've
been told that is something that will be addressed in the future.
	
> I tried looking in netflow data for "dest interface null", and tried
> looking in netflow data for "packets to ( all my router IPs )", but it
> seems netflow isn't taking account of these packets...

Nope it probably doesn't.  It doesn't on the 6509/720 platform anyway.

John


More information about the cisco-nsp mailing list