[c-nsp] N7k CoPP not MPLS-aware?

Phil Mayers p.mayers at imperial.ac.uk
Thu Dec 12 09:10:29 EST 2013


On 15/11/13 12:02, Saku Ytti wrote:
> On (2013-11-15 09:48 +0000), Phil Mayers wrote:
>
>> Has anyone else seen this? Our N7k CoPP policy seems to be letting
>> packets through which are arriving MPLS-labelled. In particular,
>> this means it's completely ineffective at protecting the CPU in an
>> L3VPN, since all packets inside the VPN arrive labelled.
>
> Alas this is the rule, 7600 having working CoPP is the exception.
>
> In 2006-03-16 I opened TAC case 603198067 complaining how 'explicit-null'
> breaks CoPP in GSR, VXR, NSE100, 5400, result was that it was expected
> behaviour.

Sadly you are correct. CSCty29692 is the relevant bug ID, and the 
traffic is hitting the "MPLS L2" limiter in my testing.

Oh well.


More information about the cisco-nsp mailing list