Control Plane Policing Traffic identification

mpalis
Level 1

Hello all

I configured Control Plane Policing on an ASR and, although I have a match-all class, I can see packets conforming to class-default. My question is: how can I identify which kind of traffic is conformed by class-default? Also I notice that the ACL counters do not work. Any help will be appreciated.

Class-map: class-default (match-any)
      7218 packets, 65117 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: any
      police:
         rate 50 pps, burst 500 packets, peak-burst 500 packets
          conformed 7313 packets, 68455 bytes; actions:
            transmit
          exceeded 0 packets, 0 bytes; actions:
            transmit
          violated 0 packets, 0 bytes; actions:
            transmit
          conformed 1 pps, exceeded 0 pps, violated 0 pps

Here is my Control Plane Policing configuration:

Policy Map SYSTEM-COPP-POLICY
    Class ARP_CoPP
     police rate 20 pps, burst 500 packets
       conform-action transmit
       exceed-action drop
       violate-action drop
    Class SNMP_CoPP
     police rate 100 pps, burst 500 packets
       conform-action transmit
       exceed-action drop
       violate-action drop
    Class Mgmt_CoPP
     police rate 100 pps, burst 500 packets
       conform-action transmit
       exceed-action drop
       violate-action drop
    Class Routing_CoPP
     police rate 100 pps, burst 500 packets
       conform-action transmit
       exceed-action transmit
       violate-action drop
    Class ICMP_CoPP
     police rate 20 pps, burst 500 packets
       conform-action transmit
       exceed-action drop
       violate-action drop
    Class PPPOE-DISCOVERY_CoPP
     police rate 250 pps, burst 500 packets
       conform-action transmit
       exceed-action drop
       violate-action drop
    Class PPPOE-DATA-PACKETS_CoPP
     police rate 100 pps, burst 500 packets
       conform-action transmit
       exceed-action drop
       violate-action drop
    Class reject-all_COPP
     police rate 1 pps, burst 500 packets
       conform-action drop
       exceed-action drop
       violate-action drop
    Class Catch-all_CoPP
     police rate 50 pps, burst 500 packets
       conform-action transmit
       exceed-action drop
       violate-action drop
    Class class-default
     police rate 50 pps, burst 500 packets
       conform-action transmit
       exceed-action transmit
       violate-action transmit

ip access-list extended Catch_all_CoPP
 permit icmp any any
 permit tcp any any
 permit udp any any
 permit eigrp any any
 permit pim any any
 permit ipinip any any
 permit gre any any
 permit nos any any
 permit esp any any
 permit ahp any any
 permit pcp any any
 permit ip any any

ip access-list extended ICMP_CoPP
 deny   icmp any any fragments
 remark === Traceroute responses ===
 permit icmp any any ttl-exceeded
 permit icmp any any port-unreachable
 remark === Pings ===
 permit icmp any any echo
 permit icmp any any echo-reply
 remark === Traceroute ===
 permit udp any any range 33434 33600

ip access-list extended Mgmt_CoPP
 permit XXXXXXXXXXXX

ip access-list extended Routing_CoPP
 permit ip XXXXXXXXXXXXXx

ip access-list extended SNMP_CoPP
 permit XXXXXXXXXXXXxx

ip access-list extended reject-all_COPP
 permit udp any any eq snmp
 remark === IP fragments Drop ===
 permit icmp any any fragments
 permit udp any any fragments
 permit ip any any fragments

1 Reply

rsimoni
Cisco Employee

Hello mpalis,

Traffic which does not match any of the defined classes ends up in class class-default, which is always applied whether you configured it or not.

Some traffic types cannot be defined by the classes and always go to the class-default class. Examples of those are Layer 2 PDUs/keepalives (CDP, ARP, etc.) and non-IP traffic (ISIS, etc.). Also IPv6 traffic, if not expressly defined within a specific class, ends up in class-default.

What you see is pretty expected then. Some Layer 2 or non-IP control traffic is hitting the default class every now and then (the rate is pretty low in your outputs, > 1 pps or so).

About the monitoring part, it is not that easy on this platform (I assume you have an ASR 1000), as the easiest way to identify that traffic would be to use ERSPAN with the CPU as the source. Unfortunately that is not supported (even though the CLI allows you to configure it) and it does not work.

Another option would be Embedded Packet Capture (EPC) to capture process-switched packets, but this is not supported on ASR either.

What is left is an engineering command to see what is actually punted to the CPU, which is "debug platform software infrastructure punt". Note that this command can give a pretty chatty (overwhelming) output, so I suggest you disable console logging and send the output to syslog if you intend to use it.

You will likely see some non-IP/L2 traffic popping up every now and then, confirming what I wrote above.

regards,

Riccardo

PS: Please rate the answer if helpful and flag the question as answered if no more help is needed.
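Since the ACL counters are not usable here, one practical way to keep an eye on what reaches each CoPP class (and to catch a class creeping up on its policer before exceed/violate drops start) is to diff successive `show policy-map control-plane` snapshots. The following Python is an added example, not code from the thread or from Cisco: the sample output is constructed in the format quoted above, and the 60 s interval and 80% headroom threshold are assumptions.

```python
import re
# Constructed sample in the format of the `show policy-map control-plane`
# output quoted in the thread (lines the parser ignores are left out).
T0 = """\
  Class-map: ICMP_CoPP (match-all)
          rate 20 pps, burst 500 packets, peak-burst 500 packets
          conformed 120 packets, 9600 bytes; actions:
          exceeded 0 packets, 0 bytes; actions:
          violated 0 packets, 0 bytes; actions:
  Class-map: class-default (match-any)
          rate 50 pps, burst 500 packets, peak-burst 500 packets
          conformed 7313 packets, 68455 bytes; actions:
          exceeded 0 packets, 0 bytes; actions:
          violated 0 packets, 0 bytes; actions:
"""
# Same counters re-read 60 s later (constructed): ICMP_CoPP gained 1140
# packets (19 pps, just under its 20 pps policer); class-default gained 60.
T1 = T0.replace("conformed 120 packets", "conformed 1260 packets").replace(
    "conformed 7313 packets", "conformed 7373 packets")

CLASS_RE = re.compile(r"^\s*Class-map:\s+(\S+)")
RATE_RE = re.compile(r"^\s*rate\s+(\d+)\s+pps")
CTR_RE = re.compile(r"^\s*(conformed|exceeded|violated)\s+(\d+)\s+packets,")

def parse_copp(text):
    """Map each class to its policer rate (pps) and cumulative packet counters."""
    stats, cur = {}, None
    for line in text.splitlines():
        if m := CLASS_RE.match(line):
            cur = stats.setdefault(m.group(1), {"rate": None})
        elif cur is not None and (m := RATE_RE.match(line)):
            cur["rate"] = int(m.group(1))
        elif cur is not None and (m := CTR_RE.match(line)):
            cur[m.group(1)] = int(m.group(2))
    return stats

def analyse(before, after, seconds, headroom=0.8):
    """Per-class observed pps from counter deltas, plus a note for class-default
    hits (traffic no explicit class matched) and classes near their policer."""
    report = {}
    for cls, now in after.items():
        prev = before.get(cls, {})
        pps = sum(now.get(k, 0) - prev.get(k, 0)
                  for k in ("conformed", "exceeded", "violated")) / seconds
        note = ""
        if cls == "class-default" and pps > 0:
            note = "traffic no explicit class matched (L2 PDUs, non-IP, IPv6?)"
        elif now["rate"] and pps >= headroom * now["rate"]:
            note = f"within {int(headroom * 100)}% of {now['rate']} pps policer"
        report[cls] = (pps, note)
    return report
```

Calling `analyse(parse_copp(T0), parse_copp(T1), 60)` returns 19.0 pps for ICMP_CoPP with a policer warning and 1.0 pps for class-default; on a real box, feed it two captures of the show command taken a known interval apart.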