• Control Plane Policing (CoPP)
    • Used to protect CPU from DoS attack.
    • Configured as QoS policing policy.
      • Not all matches supported in class-map
    • Applied under control-plane
      • ‘control-plane’
      • ‘service-policy input’

In this image above both routers are configured with the subnet 192.168.1.0/24, and R3 can ping R1. A CoPP policy below will stop this.

Now under ‘show policy-map control-plane’ we get this:

If we change the policy map to police instead of drop, we can just rate limit how much ICMP traffic is hitting the router control plane.

And now not all traffic is dropped, just rate limited as we can see in the ping above.

Above we can see that there were conformed packets, 33 that exceeded the policing and were dropped.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s