6500 CoPP policy help?

Hi,

I am trying to implement CoPP on a 6500 and need some assistance.

I wish to protect the switch/network during any event such as a virus outbreak, and retain remote access via telnet.

I have created several classes for known traffic, and applied them as transmit/transmit so I can fine-tune the values.

I am finding the below challenges.

1. Many classes, despite averaging well below the CIR, appear to 'burst' regularly into exceed/violate.

I have tried to increase the CIR and bc/be to higher values to get the exceeds down to zero. However, they appear to keep bursting into exceed/violate. I am unsure what to do, as I do not want to drop this traffic and cause more issues.

2. Despite classifying all known traffic, 70-80% still seems to be taken up by the class-default.

Is this too high or OK? Do I need to do more classification via spanning the control plane to Wireshark?

I am worried I will cause more issues if important traffic is dropped, and that some traffic (such as spanning tree) cannot be classified out of the class-default.

Just looking for some general guidance.

Thanks
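For readers following the same approach, here is an added example of the "transmit/transmit" measuring posture the post describes, written for this thread and not taken from the original poster or from Cisco documentation. The ACL and class names, the 10.0.0.0/24 management subnet, the choice of OSPF as the routing protocol, and every policer value are assumptions chosen for illustration, not values from the thread.

```ios
! Added example: minimal 6500 CoPP policy in a measure-only posture.
! All names, the management subnet and all policer numbers are assumptions.
! 'mls qos' must be enabled globally for the policy to be policed in hardware.
mls qos
!
! Assumed management subnet: only these sources may reach the switch on 23/22
ip access-list extended COPP-MGMT
 permit tcp 10.0.0.0 0.0.0.255 any eq telnet
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
!
! Assumed routing protocol for the example
ip access-list extended COPP-ROUTING
 permit ospf any any
!
class-map match-all COPP-MGMT
 match access-group name COPP-MGMT
class-map match-all COPP-ROUTING
 match access-group name COPP-ROUTING
!
! police <cir bps> <bc bytes> <be bytes> ...
! Every action is transmit while measuring, so nothing is dropped yet and the
! conformed/exceeded/violated counters show where each class really sits.
policy-map COPP
 class COPP-MGMT
  police 256000 32000 32000 conform-action transmit exceed-action transmit violate-action transmit
 class COPP-ROUTING
  police 1000000 125000 125000 conform-action transmit exceed-action transmit violate-action transmit
 class class-default
  police 1000000 125000 125000 conform-action transmit exceed-action transmit violate-action transmit
!
control-plane
 service-policy input COPP
!
! Re-read the per-class counters periodically while tuning:
!   show policy-map control-plane
! Only when a class stays at zero exceeds under normal load for long enough
! should its exceed-action / violate-action be changed to drop; leave
! class-default at transmit until the unclassified traffic is understood.
```

One practical point behind the first question: the policer is a token bucket, and bc is the size of the burst it tolerates, in bytes. A class whose average rate is far below the CIR will still register exceeds whenever a few back-to-back packets add up to more than bc, so for bursty, low-average classes it is bc (and be) that needs to grow, not the CIR alone, and the counters from `show policy-map control-plane` are what tell you when the burst allowance is finally large enough.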

2 Replies

Joseph W. Doherty
Hall of Fame


CoPP is really to protect the control plane from DoS type of overload, so the switch can still meet some or all of its control plane requirements. Depending on the nature of an attack toward the network device itself, you might be on a difficult to impossible quest to guarantee in-band access, like telnet. Even out-of-band access might have issues.

Like broadcast storm control, often necessary data is policed too.

So, as you're finding, getting CoPP to really work as you think it should can be problematic.

However, that doesn't mean CoPP is without merit; just understand it's sort of a last resort to try to preclude total network failure, but when it engages, you're likely to still have some network issues.

Thank you for the above response!
