[c-nsp] CoPP Hardware Counters on RSP720/7600

David Granzer dgranzer at gmail.com
Mon Sep 22 08:54:37 EDT 2008 

Hello,

I have the same output on RSP720-3CXL with mls qos enabled.


RSP720#sh mls qos
  QoS is enabled globally


RSP720#sh policy-map control-plane input class copp-management

 Control Plane
  Service-policy input: control-plane-in

  Hardware Counters:
    class-map: copp-management (match-any)
      Match: access-group name coppacl-management-in

  Software Counters:
    Class-map: copp-management (match-any)
      470321 packets, 31043704 bytes
      5 minute offered rate 0 bps
      Match: access-group name coppacl-management-in
        470321 packets, 31043704 bytes
        5 minute rate 0 bps


Regards,
David

On 9/22/08, Ozgur Guler <gulerozgur at yahoo.co.uk> wrote:
> Hi Sebastian,
>
>  Have you confirmed that mls qos is enabled globally?
>  CoPP needs mls qos in order to work in HW.
>
>  Thanks
>  Ozgur
>
>  --- On Sat, 20/9/08, Sebastian Wiesinger <cisco-nsp at tracker.fire-world.de> wrote:
>  From: Sebastian Wiesinger <cisco-nsp at tracker.fire-world.de>
>  Subject: [c-nsp] CoPP Hardware Counters on RSP720/7600
>  To: cisco-nsp at puck.nether.net
>  Date: Saturday, 20 September, 2008, 4:05 PM
>
>
>  Hello,
>
>  I'm implementing a control plane policy for a 7600/RSP720 box. In this
>  policy I have a class-map which matches icmp packets and polices them.
>  That works fine, when I flood-ping the box there are icmp packets lost
>  when the policer drops packets. The only thing that bothers me is that
>  the hardware counters do not count up, only the software counters
>  display an accurate packet count. The box is running 12.2SRC
>
>  Is there a way to be sure that the packets are policed/dropped in
>  hardware?
>
>  These are the counters from "show policy-map control-plane input":
>
>   Hardware Counters:
>
>
>
>     class-map: copp-monitoring (match-any)
>
>       Match: access-group name copp-monitoring
>
>       police :
>
>         248000 bps 45000 limit 45000 extended limit
>
>       Earl in slot 5 :
>
>         562294 bytes
>
>         5 minute offered rate 0 bps
>
>         aggregate-forwarded 562294 bytes action: transmit
>
>         exceeded 0 bytes action: drop
>
>         aggregate-forward 0 bps exceed 0 bps
>
>
>
>   Software Counters:
>
>
>
>     Class-map: copp-monitoring (match-any)
>
>       217841 packets, 17517388 bytes
>
>       5 minute offered rate 1000 bps, drop rate 0 bps
>
>       Match: access-group name copp-monitoring
>
>         217841 packets, 17517388 bytes
>
>         5 minute rate 1000 bps
>
>       police:
>
>           cir 250000 bps, bc 45000 bytes, be 45000 bytes
>
>         conformed 215999 packets, 17336692 bytes; actions:
>
>           transmit
>
>         exceeded 459 packets, 44982 bytes; actions:
>
>           drop
>
>         violated 1395 packets, 136650 bytes; actions:
>
>           drop
>
>         conformed 1000 bps, exceed 0 bps, violate 0 bps
>
>
>
>  #sh class-map copp-monitoring
>
>   Class Map match-any copp-monitoring (id 3)
>    Match access-group name copp-monitoring
>
>  #sh access-lists copp-monitoring
>  Extended IP access list copp-monitoring
>     10 permit icmp any any ttl-exceeded (1 match)
>     20 permit icmp any any port-unreachable (2 matches)
>     30 permit icmp any any echo-reply (78 matches)
>     40 permit icmp any any echo (310459 matches)
>
>  #sh mls qos ip
>   QoS Summary [IPv4]:      (* - shared aggregates, Mod - switch module)
>
>       Int Mod Dir  Class-map DSCP  Agg  Trust Fl   AgForward-By   AgPoliced-By
>                                    Id         Id
>  -------------------------------------------------------------------------------
>        CPP  5  In copp-manag    0    0*    No  0            n/a            n/a
>        CPP  5  In   copp-bgp    0    0*    No  0            n/a            n/a
>        CPP  5  In  copp-ospf    0    0*    No  0            n/a            n/a
>        CPP  5  In copp-crit-    0    0*    No  0            n/a            n/a
>        CPP  5  In copp-tunne    0    0*    No  0            n/a            n/a
>        CPP  5  In copp-monit    0    1   dscp  0         566066              0
>        CPP  5  In class-defa    0    2   dscp  0      122496813              0
>
>        All  5   -    Default    0    0*    No  0    69655086564              0
>
>  Regards,
>
>  Sebastian
>
>  --
>  GPG Key-ID: 0x76B79F20 (0x1B6034F476B79F20)
>  'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS
>  NOTICE THE SCYTHE.
>             -- Terry Pratchett, The Fifth Elephant
>  _______________________________________________
>  cisco-nsp mailing list  cisco-nsp at puck.nether.net
>  https://puck.nether.net/mailman/listinfo/cisco-nsp
>  archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
>
>
>  _______________________________________________
>  cisco-nsp mailing list  cisco-nsp at puck.nether.net
>  https://puck.nether.net/mailman/listinfo/cisco-nsp
>  archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list