[c-nsp] Control Plane Policing (CoPP) implementation report

John Kristoff jtk at northwestern.edu
Mon Feb 21 17:49:32 EST 2005


A relatively new feature in IOS for a select set of trains and platforms
is Control Plane Policing (CoPP).  In a nutshell, this feature is meant
to help minimize unnecessary traffic that hits the control plane of the
router.  The most obvious example is to provide some protection from DoS
attacks, whether aimed at the router or those that induce the router to
receive and process packets (e.g. IP broadcasts).

A couple months ago I had asked a question related to CoPP and based on
the lack of response I had gotten here an in other forums, I concluded
that there isn't a lot of actual deployment of this feature yet.  In the
expectation that some others may want to actually turn this stuff on, I
figured it might help if they could see someone else's implementation
notes.  It certainly would have helped me.  My notes are here:

  <http://aharp.ittns.northwestern.edu/papers/copp.html>

John


More information about the cisco-nsp mailing list