[c-nsp] Control-Plane CEF-exception subinterface

German Martinez gmartine at opentransit.net
Tue Sep 19 11:45:03 EDT 2006


On Mon Sep 18, 2006, Saku Ytti wrote:

> When dCEF is disabled, all frames are software switched.

What do you mean with software switched? If there is no forwarding table on the LC, I guess the MSFC should be
question about switching decisions.  Am I right?

> > How is the communication between LC and RP when a packet needs to be
> > process switched?
> 
> I'm not 100% sure what is being asked here, but if dCEF is disabled in
> 7600/LC, you're not process switching, you're still CEF switching but in
> software in MSFC. And indeed, frames that are punted for MSFC will be evaluted

Good.  My bad.  I called process switching to packets punted to the MSFC because there was no FIB at the LC due to
CED disabled.

> against CoPP rules, even if they are just transit packets. Which is from my
> point of view bit silly, example which I like to use is take IXP where you're
> receiving packets violating your antispoofing ACL (that is packets from
> your PA address coming in from IXP) you want to know which IXP neighbour
> is sending these packets so you insert log-input statement to the deny ACE
> for given PA, now, if you run CoPP you must permit the packet in CoPP
> so that MSFC will be able to log and drop it, if it's not allowed by CoPP
> it's dropped in hardware before MSFC has chance to see it.
> 
> However if you get CEF disabled from LC, you most probably don't care
> if software switching works or not, if CoPP allows the packets through
> or not, as MSFC can't handle the traffic levels anyhow. So real solution

Interesting.  In my case, once we disabled the COPP the router started properly switching the packets.

> would be feature from GSR 'router isis/external overload signalling' to
> signal neighbour not to send you anything if you're not running dCEF.

Thanks
German


More information about the cisco-nsp mailing list