Here is a diagram from that lays out the control-plane:Īs you can see from the above diagram, applying a control-plane policy (CoPP) applies an aggregate policer to all traffic destined for the CPU. CPPr on the other hand allows us to control access to the individual control-plane sub-interfaces, providing us with more direct control. This sounds good and simple but the control-plane is slightly more complex then that (go figure right). Probably the main difference is the fact with CoPP you control access and limit access to the entire control-plane. The next thing I want to mention is how Control-Plane Protection (CPPr) differs from Control-Plane Policing (CoPP). The control plane does a bit more then that but the three points above should get the point across. ![]() Handle traffic directed at the device itself.Maintains keep-alives for routing adjacencies.This is more important than you think, if the CPU is getting bombarded with a large number of packets the CPU must handle each one individually & it is possible the CPU will get too busy it start dropping other traffic.Handles packets that are not CEF switched, meaning the CPU has to take some time handle these packets.Well let’s consider a few things the control-plane does: ![]() The first thing we should probably clear up is, why should we protect the control-plane what is this going to do for us. Especially since checking the control-plane is not usually the first thing everyone looks at and half the time issuing a ‘sh run’ is just not an option at first. Well, let’s be honest if you have had to troubleshoot a CoPP or CPPr policy you know it is fun process. ![]() It’s not very common to see people jump on the idea of configuring Control-Plane Policing/Protection, a part of me thinks people avoid this subject like the plague because they feel it causes more problems then it is worth.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |