[c-nsp] CoPP C6500 VS-SUP720-10G
Saku Ytti
saku at ytti.fi
Fri Feb 3 13:10:33 EST 2012
On (2012-02-03 18:04 +0100), Tim Kleefass wrote:
> > Can anyone help me with a good "defaul" configuration using CoPP on
> > VS-SUP720-10G running IOS 12.2(33)SXJ, like the one that is default with
> > SUP2T. I know that it depends on your network and traffic pattern but i
> > need some kind of basic protection.
>
> For IPv6 you can take a look at
>
> http://www.cesnet.cz/doc/techzpravy/2010/ipv6-copp/
Not a full review but cursory look and I think this might not work at all.
Ae you sure it actually works and is programmed in hardware?
a) match-all is not supported, it might work since you're not using multiple matches.
b) you can't use host match in that config, as you are supporting L4
matches. /80 is as specific as you can go
c) you should permit all multicast addresses (same goes for ipv4), copp
does not support it and if you don't allow in copp, you can never program
hardware shortcuts
To confirm what you have in hardware:
- show vlan internal usage | i Control Plane Protection
- remote command switch show tcam interface vlan VLAN qos type2 ipv6
--
++ytti
More information about the cisco-nsp
mailing list