[c-nsp] CoPP Hardware Counters on RSP720/7600

Ivan Gasparik ivan at ig.sk
Tue Oct 7 09:43:15 EDT 2008 

Hi,

I have been facing the same issue these days too, the result is very 
simple and sad:
CoPP can't handle broadcast and multicast traffic in hardware
More detailed explanation is here:
http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SR/configuration/guide/dos.html#wp1141802

I'm still trying to configure some kind of protection of router's CPU 
against broadcast storms. The most aggressive traffic hitting the CPU 
during broadcast storm are OSPF and HSRP multicast packets in my 
case. Policing through mls qos protocol police is not usable because 
it cannot distinguish between good ospf packets coming from routed 
interfaces and bad ospf packets from SVI's multiplied by storm.
It looks I will have to do combine storm-control applied on the 
physical layer 2 interface and then make a smarter policing using 
CoPP on control-plane for the rest of traffic that got through the 
storm-control. Even thought CoPP will do that in software, my 
SUP720's can handle almost 100k pps, which could be quite enough.

Ivan


On Tuesday 23 September 2008, David Granzer wrote:
> Hello,
>
> with CoPP enabled and flood ping to the RSP720 I don't have higher
> CPU utilization than is normal on my box. Without CoPP and ICMP
> flood (ping -f -s 1400) the CPU util goes to 90% - 99%.
>
> CPU utilization for five seconds: 96%/21%; one minute: 44%; five
> minutes: 20%
>
>  PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY
> Process 194    23910192 426932747         56 46.38% 20.81%  5.12%  
> 0 IP Input
>
> The CPU utilization with CoPP enabled is depend on what rate you
> doing policing for particular class, e.g. how many ICMP packet you
> are conforming to the RSP.
>
> Regards,
> David
>
> On 9/22/08, Sebastian Wiesinger <cisco-nsp at tracker.fire-world.de> 
wrote:
> > * Ozgur Guler <gulerozgur at yahoo.co.uk> [2008-09-22 14:31]:
> > > Hi Sebastian,
> > >
> >  > Have you confirmed that mls qos is enabled globally?
> >  > CoPP needs mls qos in order to work in HW.
> >
> > Yes, "mls qos" is enabled. I tried doing a flood-ping with hping3
> > and have around 30-40% of CPU usage. This seems a little bit
> > high, but I heard from others that without CoPP the session to
> > the RSP720 would just freeze. With my CoPP enabled I was able to
> > work without delay on the RSP720.
> >
> >  I couldn't test the situation without CoPP but I hope I can do
> > so tonight.
> >
> >
> >
> >  Regards,
> >
> >  Sebastian
> >
> >  --
> >  GPG Key-ID: 0x76B79F20 (0x1B6034F476B79F20)
> >  'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS
> > NOTICE THE SCYTHE. -- Terry Pratchett, The Fifth Elephant
> >  _______________________________________________
> >  cisco-nsp mailing list  cisco-nsp at puck.nether.net
> >  https://puck.nether.net/mailman/listinfo/cisco-nsp
> >  archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list