[c-nsp] CoPP
Richard A Steenbergen
ras at e-gerbil.net
Sun Jul 2 20:58:42 EDT 2006

Couple CoPP questions...

Question #1, is there any possible way to do logging of the packets it
matches? I should be matching everything valid in other classes, but I'm
still getting traffic to the default class.

Hardware Counters:
class-map: class-default (match-any)
Match: any
police :
512000 bps 32000 limit 32000 extended limit
Earl in slot 2 :
4753166 bytes
5 minute offered rate 70920 bps
aggregate-forwarded 4753166 bytes action: transmit
exceeded 0 bytes action: drop
aggregate-forward 68840 bps exceed 0 bps

Software Counters:
Class-map: class-default (match-any)
157226 packets, 43003944 bytes
5 minute offered rate 115000 bps, drop rate 0 bps
Match: any
police:
cir 512000 bps, bc 32000 bytes, be 64000 bytes
conformed 157248 packets, 43010388 bytes; action: transmit
exceeded 0 packets, 0 bytes; action: drop
violated 0 packets, 0 bytes; action: drop
conformed 115000 bps, exceed 0 bps, violate 0 bps

So far the best solution I've come up with is to make my own default class
which references an ACL, and then try every possible combination of packet
with that ACL to see what makes the counters increment. Is there ANY
mechanism to just log the damn match so I don't have to go that route? It
doesn't need to be rate limited or safe for production use, just for
figuring out if there are any legitimate packets hitting it so I can
revise CoPP policies.

Question #2, how are isis/clns packets handled with regard to CoPP? I
already tried matching them in a class-map, and it would not apply, but
I'm wondering if those packets might be making their way to the default
class. Also, does:

  mls qos protocol ISIS pass-through

impact the processing of CoPP in any way?

--
Richard A Steenbergen <ras at e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)