- Control Plane Policing (CoPP)
- Used to protect CPU from DoS attack.
- Configured as QoS policing policy.
- Not all matches supported in class-map
- Applied under control-plane
- ‘service-policy input’
In this image above both routers are configured with the subnet 192.168.1.0/24, and R3 can ping R1. A CoPP policy below will stop this.
Now under ‘show policy-map control-plane’ we get this:
If we change the policy map to police instead of drop, we can just rate limit how much ICMP traffic is hitting the router control plane.
And now not all traffic is dropped, just rate limited as we can see in the ping above.
Above we can see that there were conformed packets, 33 that exceeded the policing and were dropped.