[c-nsp] Control Plane Policing (CoPP) implementation report
Rodney Dunn
rodunn at cisco.com
Tue Feb 22 08:58:05 EST 2005
John,
Very good writeup. It's been passed over
to the folks responsible for CoPP and
they will look at some of the enhancements
you said would be nice to have.
One thing though, you should be able to match arp:
class-map match-all arp
match protocol arp
Rodney
On Mon, Feb 21, 2005 at 04:49:32PM -0600, John Kristoff wrote:
> A relatively new feature in IOS for a select set of trains and platforms
> is Control Plane Policing (CoPP). In a nutshell, this feature is meant
> to help minimize unnecessary traffic that hits the control plane of the
> router. The most obvious example is to provide some protection from DoS
> attacks, whether aimed at the router or those that induce the router to
> receive and process packets (e.g. IP broadcasts).
>
> A couple months ago I had asked a question related to CoPP and based on
> the lack of response I had gotten here an in other forums, I concluded
> that there isn't a lot of actual deployment of this feature yet. In the
> expectation that some others may want to actually turn this stuff on, I
> figured it might help if they could see someone else's implementation
> notes. It certainly would have helped me. My notes are here:
>
> <http://aharp.ittns.northwestern.edu/papers/copp.html>
>
> John
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list