[c-nsp] CoPP - matching protocol ARP plus an input-interface
Chuck Church
chuckchurch at gmail.com
Thu Sep 12 15:54:48 EDT 2013
All,
Working on 871 router at a customer site. Unknown ARP flood
coming from customer LAN was crushing router CPU, guessing about 2800
pkt/sec. A service policy applied to control plane just matching ARP does
what expected, but when I tried to limit it to just customer-side ARP by
matching protocol ARP plus input-int VL1:
Service-policy input: CoPP
Class-map: ARP (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: protocol arp
Match: input-interface Vlan1
police:
cir 8000 bps, bc 1500 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps
Class-map: class-default (match-any)
863 packets, 132033 bytes
5 minute offered rate 21000 bps, drop rate 0 bps
Match: any
I dont get any matches. If I remove the match input-int, the counters
again start increasing for ARP. Is it a known issue that CoPP cant be
combined with an input-int, or maybe just ARP combined with that? Reading
various URLS such as:
http://www.cisco.com/en/US/docs/ios/12_4t/12_4t4/htcpp.html
didnt exactly say that, although it mentioned ARP being processed at
CEF-exception interface. Does that explain it?
Thanks,
Chuck
More information about the cisco-nsp
mailing list