[c-nsp] N7k CoPP not MPLS-aware?

Tim Durack tdurack at gmail.com
Fri Nov 15 11:40:38 EST 2013


Does it make any difference if you run "label-allocation-mode per-vrf"?


On Fri, Nov 15, 2013 at 4:48 AM, Phil Mayers <p.mayers at imperial.ac.uk>wrote:

> Has anyone else seen this? Our N7k CoPP policy seems to be letting packets
> through which are arriving MPLS-labelled. In particular, this means it's
> completely ineffective at protecting the CPU in an L3VPN, since all packets
> inside the VPN arrive labelled.
>
> Presumably the class-map isn't matching, since the IP header isn't
> visible. This is not the way other platforms e.g. sup720 work, and is
> distinctly unhelpful.
>
> The boxes are on an older release - 5.2(4) - but I didn't spot anything in
> the release notes about it...
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>



-- 
Tim:>


More information about the cisco-nsp mailing list