[c-nsp] 7600 Questions

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Fri Mar 28 02:40:48 EDT 2008


Justin Shore <> wrote on Friday, March 28, 2008 4:31 AM:

> Mikael Abrahamsson wrote:
>> On Thu, 27 Mar 2008, Justin Shore wrote:
>> 
>>> Also, you should skip the Sup720-3BXL and get the RSP720-3CXL for
>>> the same $$.  And you should also get your 67xx linecards with DFCs
>>> that match the Sup as well.  It's worth the added expense.
>> 
>> Why do you think that it's worth the added expense initially?
>> 
>> I'd say it's worth it when you start to approach 5-10MPPS (due to CFC
>> worst case limit of ~15 MPPS) but not before.
> 
> It depends on how you're using your linecards.  For some people it's a
> matter of the performance capabilities of the FE.  For anyone with a
> 6500/7600 carrying full Internet tables or having their chassis
> publicly accessible on the Internet, it's a matter of offloading CoPP
> onto the DFC.  Otherwise CoPP happens in software on the MSFC.  You
> may in fact be less susceptible to being DoSed without CoPP enabled
> in chassis without DFCs.  Otherwise you're opening up a path straight
> to the CPU. 

I don't think this is true. CoPP on the 6500/7600 is implemented in
hardware (assuming "mls qos" is enabled): on the PFC within the Sup as
well as on the DFCs (if there are any). Please take a look at the CoPP
chapter in
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/prod_wh
ite_paper0900aecd802ca5d6.html which describes the CoPP architecture on
this platform.

	oli


More information about the cisco-nsp mailing list