[c-nsp] Control Plane Policing on 7206VXR/NPE-G2.. - Arrgha crash..

Chris behrnetworks at gmail.com
Mon Dec 17 07:38:44 EST 2007 

Howard,

I think you *can* do CoPP on a VXR but you'll need 12.2(18)S at least. You
may also wish to look into storm control and aggregate policers. Lastly, if
the DoS attack is coming from just a few IPs, I'd just null route them.

Chris

On Dec 17, 2007 2:49 AM, Howard Leadmon <howard at leadmon.net> wrote:

> Ack, that was a typo, your right, the subject line had it correct..
>
> The query was on a 720xVXR/NPE-G2 series router.  Will have to look at the
> 12.2 stuff, I think when I got the router it came with 12.4, so I just
> updated
> to the most current rev before deploying it in the network.
>
> Talk about a bear getting rid of it, since trying to remove it from the
> config
> caused the crash, I had to write a replacement config without it to
> startup,
> and then reload.  Still it would be nice to have some working cpp on the
> router.
>
>
> ---
> Howard Leadmon
>
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> > bounces at puck.nether.net] On Behalf Of Saku Ytti
> > Sent: Sunday, December 16, 2007 3:56 AM
> > To: cisco-nsp at puck.nether.net
> > Subject: Re: [c-nsp] Control Plane Policing on 7206VXR/NPE-G2.. - Arrgha
> > crash..
> >
> > On (2007-12-15 09:26 -0500), Howard Leadmon wrote:
> >
> > >  Has anyone used a cpp on the 7606/NPE-G2?  If so, did it work OK?
>  Heck
> > and
> > > if it worked, care to share what you have done, so maybe I can
> implement
> > > something that actually works and doesn't crash everything.  I guess
> for
> > now
> > > I'll just run it without one..
> >
> > I run CoPP on many 760x's, if you ment 760x or NPE-G2. If you mean
> > 7206VXR/NPE-G2, then answer is no. I can't run CoPP in any other
> platform
> > than PFC3x based platforms, as MPLS labels aren't popped before CoPP
> > evaluation, meaning, with explicit-null, nothing can be protected
> > with CoPP.
> > Your case looks like software bug, no doubt. You might want to look
> > at crashinfo, or at very least feed it to output intepreter and
> > open TAC Case. You may also want to give 12.2(31)SB10 a go.
> >
> > --
> >   ++ytti
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list