Solved: Re: Control Plane Policy

glsparks · ‎02-29-2024

I have an issue with a control plane policy that is tearing down BGP without any specific pattern.

ip access-list ex TEST

permit tcp host 192.168.1.1 host 192.168.1.2 eq bgp

permit tcp host 192.168.1.1 eq bgp host 192.168.1.2

policy-map CONTROL_PLANE_POLICY
class COPP_ROUTING
police rate 500 pps burst 750 packets peak-rate 1000 pps
conform-action transmit
exceed-action transmit
violate-action drop

class class-default

police rate 10 pps

conform action drop

So after a period of time BGP gets torn down. The peer is only sending a default route. The policy map does not show any exceed or violate in the COPP_ROUTING class.

What would be causing this?

MHM Cisco World · ‎02-29-2024

Did you check arp it can Control plane drop arp which need for bgp to establish tcp connections

MHM

View solution in original post

MHM Cisco World · ‎02-29-2024

Did you check arp it can Control plane drop arp which need for bgp to establish tcp connections

MHM

glsparks · ‎02-29-2024

Yep that did it. Created:

class-map ARP

match protocol arp

stuck that in the policy-map CONTROL_PLANE_POLICY

BGP has stayed up!

Ramblin Tech · ‎02-29-2024

class class-default

police rate 10 pps

conform action drop

What is the intended purpose of policing to 10pps and dropping packets that conform to this rate? Note: I am more familiar with XR's LPTS than IOS's COPP.

Disclaimer: I am long in CSCO

glsparks · ‎03-01-2024

A very good spot. Just me typing it in for the sake of brevity i'm afraid.

It actually reads

class class-default

police rate 10 pps

conform-action transmit

exceed-action drop