[c-nsp] Control Plane Policing (CoPP) implementation report

Rodney Dunn rodunn at cisco.com
Tue Feb 22 13:45:29 EST 2005 

I don't see how that can be an issue since it's
/*currently*/ done in software.

The think to be aware of for that platform
is the hardware based rate limiters that
work before CoPP at the RP.

Rodney

On Tue, Feb 22, 2005 at 09:33:46AM -0500, JR Mayberry wrote:
> 
> TAC said that wasn't actually supported (?)... I believe there's an error 
> message when you attempt to configure it.
> You can still rate limit ARP w/ "mls protocol" though.
> 
> 
> On Tue, 22 Feb 2005, Rodney Dunn wrote:
> 
> > John,
> >
> > Very good writeup.  It's been passed over
> > to the folks responsible for CoPP and
> > they will look at some of the enhancements
> > you said would be nice to have.
> >
> > One thing though, you should be able to match arp:
> >
> > class-map match-all arp
> > match protocol arp
> >
> >
> > Rodney
> >
> >
> >
> > On Mon, Feb 21, 2005 at 04:49:32PM -0600, John Kristoff wrote:
> >> A relatively new feature in IOS for a select set of trains and platforms
> >> is Control Plane Policing (CoPP).  In a nutshell, this feature is meant
> >> to help minimize unnecessary traffic that hits the control plane of the
> >> router.  The most obvious example is to provide some protection from DoS
> >> attacks, whether aimed at the router or those that induce the router to
> >> receive and process packets (e.g. IP broadcasts).
> >>
> >> A couple months ago I had asked a question related to CoPP and based on
> >> the lack of response I had gotten here an in other forums, I concluded
> >> that there isn't a lot of actual deployment of this feature yet.  In the
> >> expectation that some others may want to actually turn this stuff on, I
> >> figured it might help if they could see someone else's implementation
> >> notes.  It certainly would have helped me.  My notes are here:
> >>
> >>   <http://aharp.ittns.northwestern.edu/papers/copp.html>
> >>
> >> John
> >> _______________________________________________
> >> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >> archive at http://puck.nether.net/pipermail/cisco-nsp/
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >

More information about the cisco-nsp mailing list