Users Guide

Configure Control Plane Policing
The system can process a maximum of 4200 packets per second (PPS). Protocols that share a single queue
may experience flaps if one of the protocols receives a high rate of control traffic, even though per-protocol
CoPP is applied. This happens because queue-based rate limiting is applied first.
For example, Border Gateway Protocol (BGP) and Internet Control Message Protocol (ICMP) share the same queue
(Q6); Q6 has 400 PPS of bandwidth by default. The desired rate of ICMP is 100 PPS and the remaining 300
PPS is assigned to BGP. If ICMP packets arrive at 400 PPS, BGP packets may be dropped even though ICMP
packets are rate-limited to 100 PPS. You can solve this by increasing the Q6 bandwidth to 700 PPS to allow both
ICMP and BGP packets, and then applying per-flow CoPP for ICMP and BGP packets. The setting of this Q6
bandwidth depends on the incoming traffic for the set of protocols sharing the same queue. If you are
not aware of the incoming protocol traffic rate, you cannot set the required queue rate limit value. You must
complete queue bandwidth tuning carefully because the system cannot open up to handle any rate, including
traffic coming at the line rate.
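
The Q6 example above, worked through as a two-stage model (an added illustration in Python, not part of this guide or of the switch software). It assumes BGP arrives at its assigned 300 PPS and that an oversubscribed queue drops all of its protocols in proportion; delivered, shortfall and min_queue_pps are hypothetical helper names.

```python
# Added illustration: a simplified model, not vendor code.
SYSTEM_MAX_PPS = 4200  # system-wide maximum stated in this guide


def delivered(offered, queue_pps, copp_pps):
    """Return per-protocol PPS reaching the CPU for one shared queue.

    offered   -- {protocol: incoming PPS}
    queue_pps -- rate limit of the shared queue (applied first)
    copp_pps  -- {protocol: per-protocol CoPP limit in PPS}
    """
    total = sum(offered.values())
    # Stage 1: queue limiter. It is protocol-blind, so when the queue is
    # oversubscribed every protocol loses the same fraction (assumption).
    scale = min(1.0, queue_pps / total) if total else 1.0
    after_queue = {p: rate * scale for p, rate in offered.items()}
    # Stage 2: per-protocol CoPP caps what is left of each protocol.
    return {p: min(rate, copp_pps.get(p, rate)) for p, rate in after_queue.items()}


def shortfall(offered, queue_pps, copp_pps):
    """PPS each protocol loses relative to what its CoPP limit would allow."""
    got = delivered(offered, queue_pps, copp_pps)
    return {p: round(min(offered[p], copp_pps.get(p, offered[p])) - got[p], 1)
            for p in offered}


def min_queue_pps(offered):
    """Queue rate that lets every protocol reach its own CoPP stage intact."""
    needed = sum(offered.values())
    if needed > SYSTEM_MAX_PPS:  # simplification: ignores load on other queues
        raise ValueError("offered load exceeds the system maximum")
    return needed


if __name__ == "__main__":
    offered = {"icmp": 400, "bgp": 300}   # constructed sample load
    copp = {"icmp": 100, "bgp": 300}      # desired per-protocol rates
    for q in (400, min_queue_pps(offered)):
        print(q, delivered(offered, q, copp), shortfall(offered, q, copp))
```

At the default 400 PPS the model shows BGP losing traffic while ICMP still reaches its 100 PPS cap; at 700 PPS both protocols reach their per-protocol limits.
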
CoPP policies are assigned on a per-protocol or a per-queue basis, and are assigned in CONTROL-PLANE
mode to each port-pipe.
CoPP policies are configured by creating extended ACL rules and specifying rate-limits through QoS policies.
The ACLs and QoS policies are assigned as service-policies.
Configuring CoPP for Protocols
This section lists the commands necessary to create and enable the service-policies for CoPP.
For complete information about creating ACLs and QoS rules, refer to Access Control Lists (ACLs) and
Quality of Service (QoS).
The basics for creating a CoPP service policy are to create a Layer 2, Layer 3, and/or an IPv6 ACL rule for the
desired protocol type. Then, create a QoS input policy to rate-limit the protocol traffic according to the ACL.
Finally, the ACL and QoS policies are assigned to a control-plane service policy for each port-pipe.
1 Create a Layer 2 extended ACL for control-plane traffic policing for a particular protocol.
CONFIGURATION mode
mac access-list extended name cpu-qos
permit {arp | frrp | gvrp | isis | lacp | lldp | stp}
2 Create a Layer 3 extended ACL for control-plane traffic policing for a particular protocol.
CONFIGURATION mode
ip access-list extended name cpu-qos
permit {bgp | dhcp | dhcp-relay | ftp | icmp | igmp | msdp | ntp | ospf | pim | ip | ssh | telnet | vrrp}
3 Create an IPv6 ACL for control-plane traffic policing for a particular protocol.
Control Plane Policing (CoPP) 278