nanog mailing list archives
Control Plane Policing
From: hjan <hjan () libero it>
Date: Thu, 01 Jun 2006 12:07:00 +0200
Hello,I have read cisco's doc about cpp and i've also read the good documentation written by John Kristoff about cpp
in wich are included some implementation example.I do some test in our lab environment, a GSR 12410 with IOS 12.0(32)S2 but i'm not satisfied with the result.
Suppose this sample conf: access-list 168 permit icmp any loopback0 0.0.0.0 access-list 169 permit any class-map cp-icmp match access-group 168 class-map cp-default match access-group 169 policy-map cp-traffic class cp-icmp police 8000 conform-action transmit exceed-action drop class cp-default priority control-plane service-policy input cp-trafficThen i ping from a host or a router the loopback0 and i noticed that only if i set an MTU or packet size > 1500, in fact 1480 so with the standar ip header is always 1500, the policy take effect. In fact if i issue the sh policy-map control-plane with small packet size all traffic seems to be matched
by the cp-default class: Service-policy input: cp-traffic (225) Class-map: cp-icmp (match-all) (4925921/1) 0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: access-group 168 (15210210) police: cir 8000 bps, bc 4470 bytes conformed 0 packets, 0 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop conformed 0 bps, exceed 0 bps Class-map: cp-default (match-all) (14530241/2) 151 packets, 11967 bytes 5 minute offered rate 2000 bps, drop rate 0 bps Match: access-group 3 (1872818) Class-map: class-default (match-any) (9318433/0) 3149 packets, 333931 bytes 5 minute offered rate 1000 bps, drop rate 0 bps Match: any (4397474) Instead with a greater size: Class-map: cp-icmp (match-all) (4925921/1) 22 packets, 16896 bytes 5 minute offered rate 2000 bps, drop rate 0 bps Match: access-group 168 (15210210) police: cir 8000 bps, bc 4470 bytes conformed 20 packets, 13888 bytes; actions: transmit exceeded 2 packets, 3008 bytes; actions: drop conformed 2000 bps, exceed 0 bps Is there anyone with some idea or anyone that can share experience with me ? Thanks Gianluca Italy
Current thread:
- Control Plane Policing hjan (Jun 01)
- Re: Control Plane Policing John Kristoff (Jun 01)