[c-nsp] Control Plane Policing
hjan
hjan at libero.it
Fri Jun 2 04:53:34 EDT 2006
Saku Ytti wrote:
> GSR off-loads ICMP echo replies to LCs, and in my experience they're
> done before CoPP in LC CPU. That is, they never hit CoPP rules.
> I'm not sure if I understood your explanation correctly, but if I did,
> you managed to get ICMP matched in CoPP when you pinged with larger
> than 1500 bytes, was it over the MTU?
Yes, it's correct.
I found in a Cisco doc about rACL on GSR that ICMP follows the data
path LC to LC CPU, so now I understand why the ACL isn't matched.
> If so, then I guess LC CPU
> doesn't handle fragments but passes those down to GRP/PRP, which will
> result in working CoPP.
>
I think it's correct.
> Also could you try to apply the CoPP rules in each slot separately,
> there appear to be functional differences in them. For example,
> when configured like you do, explicit-null packets never match
> CoPP, but when configured to each slot, explicit-null packets
> are matched by CoPP.
>
>
Here in Italy it is a holiday, so next Monday I will do other tests, and I will try CoPP
rules per slot.
Just a little question, do you use CoPP in a production environment?
Thanks for the help
Gianluca
Italy