[c-nsp] BFD bypassing CoPP on 6500
Antonio Soares
amsoares at netcabo.pt
Mon May 5 08:00:25 EDT 2014
I can try it on our lab.
I need the exact IOS version and the module/submodule used as input interface.
Also, the method to simulate the high levels of BFD traffic.
Thanks.
Regards,
Antonio Soares, CCIE #18473 (RS/SP)
amsoares at netcabo.pt
http://www.ccie18473.net
-----Original Message-----
From: Robert Williams [mailto:Robert at CustodianDC.com]
Sent: segunda-feira, 5 de Maio de 2014 12:38
To: Antonio Soares; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] BFD bypassing CoPP on 6500
Hi,
I've not got any further with it I'm afraid, although I did find that a service-policy applied on a physical interface 'does' correctly match and police the traffic. However, it fails to work if you apply it to a vlan (or CoPP, as per my original email).
So if policy is applied to:
CoPP = doesn't match properly (stops BFD from working, but doesn't limit traffic rate or protect CPU) VLAN = same behaviour as CoPP Port = matches and limits correctly if applied to physical interface
I'd be curious to know if someone else could confirm this behaviour so I now it's not just something odd about this setup/kit in our lab.
Cheers,
Robert Williams
Custodian Data Centre
Email: Robert at CustodianDC.com
http://www.CustodianDC.com
-----Original Message-----
From: Antonio Soares [mailto:amsoares at netcabo.pt]
Sent: 05 May 2014 12:21
To: Robert Williams; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] BFD bypassing CoPP on 6500
Did you find anything else in the meanwhile ? What you found is potentially catastrophic...
Thanks.
Regards,
Antonio Soares, CCIE #18473 (RS/SP)
amsoares at netcabo.pt
http://www.ccie18473.net
More information about the cisco-nsp
mailing list