Reference Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4128F-ON/S4128T-ON

481

482

483

484

485

486

487

488

489

490

Control-plane policing

Control-plane policing (CoPP) increases security on the system by protecting the route processor from unnecessary trac and giving

priority to important control plane and management trac. CoPP uses a dedicated control plane conguration through the QoS CLIs to

provide ltering and rate-limiting capabilities for the control plane packets.

If the rate of control packets towards the CPU is higher than it can handle, CoPP provides a method to selectively drops some of the

control trac so the CPU can process high-priority control trac. You can use CoPP to rate-limit trac through each CPU port queue of

the NPU.

CoPP applies policy actions on all control-plane trac. The control-plane class map does not use any match criteria. To enforce rate-limiting

or rate policing on control-plane trac, create policy maps. You can use the control-plane command to attach the CoPP service

policies directly to the control-plane.

The default rate limits apply to 12 CPU queues and the protocols mapped to each CPU queue. The control packet type to CPU ports

control queue assignment is xed. The only way you can limit the trac towards the CPU is choose a low priority queue, and apply rate-

limits on that queue to nd a high rate of control trac owing through that queue.

See show control-plane info for specic information on protocols and rate limits of CPU queues.

Congure control-plane policing

Rate-limiting the protocol CPU queues requires conguring control-plane type QoS policies.

• Create QoS policies (class maps and policy maps) for the desired CPU-bound queue.

• Associate the QoS policy with a particular rate-limit.

• Assign the QoS service policy to control plane queues.

By default, the pir and cir values are in pps for control plane. CoPP for CPU queues converts the input rate from kbps to pps, assuming

64 bytes is the average packet size, and applies that rate to the corresponding queue – 1 kbps is roughly equivalent to 2 pps.

1 Create a class-map of type control-plane and congure a name for the class-map in CONFIGURATION mode.

class-map type control-plane class-map-name

2 Return to CONFIGURATION mode.

exit

3 Create an input policy-map to assign the QoS policy to the desired service queues in CONFIGURATION mode.

policy-map type control-plane policy-map-name

4 Associate a policy-map with a class-map in POLICY-MAP mode.

class class-name

5 Congure marking for a specic queue number in POLICY-MAP-CLASS-MAP mode (0 to 11).

qos group queue-number

6 Congure rate policing on incoming trac in POLICY-MAP-CLASS-MAP mode.

police {cir committed-rate | pir peak-rate}

• cir committed-rate—Enter a committed rate value in pps (0 to 4000000).

• pir peak rate — Enter a peak-rate value in pps (0 to 40000000).

Create QoS policy for CoPP

OS10(config)# class-map type control-plane copp

OS10(conf-cmap-control-plane)# exit

OS10(config)# policy-map type control-plane copp1

OS10(conf-pmap-control-plane)# class copp

Quality of service

489