• Control Plane Policing (CoPP)
    • Used to protect the CPU from DoS attacks.
    • Configured as a QoS policing policy.
      • Not all match types are supported in the class-map
    • Applied under control-plane
      • ‘control-plane’
      • ‘service-policy input’

In the image above, both routers are configured in the subnet 192.168.1.0/24, and R3 can ping R1. The CoPP policy below will stop this.

Now under ‘show policy-map control-plane’ we get this:

If we change the policy map to police instead of drop, we can just rate limit how much ICMP traffic is hitting the router control plane.

And now not all traffic is dropped, just rate limited as we can see in the ping above.

Above we can see that some packets conformed, while 33 exceeded the policing rate and were dropped.
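The two policies walked through above, written out as an added example rather than the configuration from the original screenshots. The ACL, class-map and policy-map names and the 8000 bps police rate are assumptions chosen for illustration.

```cisco
! Added example: names (COPP-ICMP, COPP-POLICY) and the rate are assumed.
!
! 1. Classify the traffic. An ACL match is used here because not every
!    match type is supported in a class-map applied to the control plane.
ip access-list extended COPP-ICMP
 permit icmp any any
!
class-map match-all COPP-ICMP
 match access-group name COPP-ICMP
!
! 2. First policy: drop all ICMP destined to the router itself.
!    Traffic that matches no class falls into class-default and is
!    left untouched.
policy-map COPP-POLICY
 class COPP-ICMP
  drop
!
! 3. Apply it inbound on the control plane.
control-plane
 service-policy input COPP-POLICY
!
! With this in place, the ping from R3 to R1 fails.
!
! 4. Second policy: replace drop with a policer so ICMP is rate limited
!    instead of blocked. 8000 bps is an assumed value, not the rate
!    used in the original post.
policy-map COPP-POLICY
 class COPP-ICMP
  no drop
  police 8000 conform-action transmit exceed-action drop
!
! 5. Verify from exec mode. The conformed and exceeded counters show how
!    many packets were transmitted and how many were dropped.
!    R1# show policy-map control-plane
```

The policy only affects packets punted to the router's own CPU, so ICMP transiting the router is not matched. Keep management and routing protocol traffic out of any class that drops, since a mistake there cuts off access to the device.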
