[c-nsp] CoPP Hardware Counters on RSP720/7600
Ozgur Guler
gulerozgur at yahoo.co.uk
Mon Sep 22 08:31:03 EDT 2008
Hi Sebastian,
Have you confirmed that mls qos is enabled globally?
CoPP needs mls qos in order to work in HW.
Thanks
Ozgur
--- On Sat, 20/9/08, Sebastian Wiesinger <cisco-nsp at tracker.fire-world.de> wrote:
From: Sebastian Wiesinger <cisco-nsp at tracker.fire-world.de>
Subject: [c-nsp] CoPP Hardware Counters on RSP720/7600
To: cisco-nsp at puck.nether.net
Date: Saturday, 20 September, 2008, 4:05 PM
Hello,
I'm implementing a control plane policy for a 7600/RSP720 box. In this
policy I have a class-map which matches icmp packets and polices them.
That works fine, when I flood-ping the box there are icmp packets lost
when the policer drops packets. The only thing that bothers me is that
the hardware counters do not count up, only the software counters
display an accurate packet count. The box is running 12.2SRC
Is there a way to be sure that the packets are policed/dropped in
hardware?
These are the counters from "show policy-map control-plane input":
Hardware Counters:
class-map: copp-monitoring (match-any)
Match: access-group name copp-monitoring
police :
248000 bps 45000 limit 45000 extended limit
Earl in slot 5 :
562294 bytes
5 minute offered rate 0 bps
aggregate-forwarded 562294 bytes action: transmit
exceeded 0 bytes action: drop
aggregate-forward 0 bps exceed 0 bps
Software Counters:
Class-map: copp-monitoring (match-any)
217841 packets, 17517388 bytes
5 minute offered rate 1000 bps, drop rate 0 bps
Match: access-group name copp-monitoring
217841 packets, 17517388 bytes
5 minute rate 1000 bps
police:
cir 250000 bps, bc 45000 bytes, be 45000 bytes
conformed 215999 packets, 17336692 bytes; actions:
transmit
exceeded 459 packets, 44982 bytes; actions:
drop
violated 1395 packets, 136650 bytes; actions:
drop
conformed 1000 bps, exceed 0 bps, violate 0 bps
#sh class-map copp-monitoring
Class Map match-any copp-monitoring (id 3)
Match access-group name copp-monitoring
#sh access-lists copp-monitoring
Extended IP access list copp-monitoring
10 permit icmp any any ttl-exceeded (1 match)
20 permit icmp any any port-unreachable (2 matches)
30 permit icmp any any echo-reply (78 matches)
40 permit icmp any any echo (310459 matches)
#sh mls qos ip
QoS Summary [IPv4]: (* - shared aggregates, Mod - switch module)
Int Mod Dir Class-map DSCP Agg Trust Fl AgForward-By AgPoliced-By
Id Id
-------------------------------------------------------------------------------
CPP 5 In copp-manag 0 0* No 0 n/a n/a
CPP 5 In copp-bgp 0 0* No 0 n/a n/a
CPP 5 In copp-ospf 0 0* No 0 n/a n/a
CPP 5 In copp-crit- 0 0* No 0 n/a n/a
CPP 5 In copp-tunne 0 0* No 0 n/a n/a
CPP 5 In copp-monit 0 1 dscp 0 566066 0
CPP 5 In class-defa 0 2 dscp 0 122496813 0
All 5 - Default 0 0* No 0 69655086564 0
Regards,
Sebastian
--
GPG Key-ID: 0x76B79F20 (0x1B6034F476B79F20)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS
NOTICE THE SCYTHE.
-- Terry Pratchett, The Fifth Elephant
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list