[c-nsp] N7k CoPP versus rate-limiters
Tóth András
diosbejgli at gmail.com
Tue Mar 20 16:53:14 EDT 2012
Hi Phil,
There are certain exceptions for packets being forwarded which are not
handled by CoPP, these are covered by the HW Rate Limiters.
Hardware rate-limiters protect the supervisor CPU from excessive
inbound traffic. The traffic rate allowed by the hardware
rate-limiters is configured globally and applied to each individual
I/O module. The resulting allowed rate depends on the number of I/O
modules in the system. CoPP provides more granular supervisor CPU
protection by utilizing the modular quality-of-service CLI (MQC).
Note that CoPP is applied per-linecard, so each module is allowed to
transmit the configured rate. There are 3 templates you can use for
CoPP, lenient, moderate and strict. The documentation describes them
and their values in detail. You can apply one or the other with the
'copp profile' command.
You can read more in detail about Configuring Rate Limits on the following link:
http://www.cisco.com/en/US/docs/switches/datacenter/sw/6_x/nx-os/security/configuration/guide/b_Cisco_Nexus_7000_NX-OS_Security_Configuration_Guide__Release_6.x_chapter_011010.html
Below you can find the documentation for CoPP:
http://www.cisco.com/en/US/docs/switches/datacenter/sw/6_x/nx-os/security/configuration/guide/b_Cisco_Nexus_7000_NX-OS_Security_Configuration_Guide__Release_6.x_chapter_011001.html
Best regards,
Andras
On Wed, Mar 14, 2012 at 12:41 PM, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> All,
>
> We've just taken delivery of our first pair of N7k (and so far I'm
> impressed).
>
> I'm playing with porting our standard 6500 config to an equivalent N7k
> config, and I'm a bit puzzled by the interaction of CoPP and the hardware
> rate-limiters.
>
> On 6500/Sup720 these two features have well documented limitations and
> interaction - specifically HW rate-limiters pre-empt CoPP. I can't seem to
> find detailed information on how that works in the N7k.
>
> In general, what should I be using, for what?
>
> This is NX-OS 6, with M1 series linecards doing routing (MPLS).
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list