I am trying to implement CoPP on a 6500 and need some assistance.
I wish to protect the switch/network during any event such as a virus outbreak, and retain remote access via telnet.
I have created several classes for known traffic, and applied them as transmit/transmit so I can fine-tune the values.
I am finding the below challenges.
1. Many classes, despite averaging well below the CIR, appear to 'burst' regularly into exceed/violate.
I have tried to increase the 'CIR and bc/be' to higher values to get the exceeds down to zero. However, they appear to keep bursting into exceed/violate. I am unsure what to do, as I do not want to drop this traffic and cause more issues.
2. Despite classifying all known traffic, 70-80% still seems to be taken up by the 'class default'.
Is this too high or OK? Do I need to do more classification via spanning the control plane to Wireshark?
I am worried I will cause more issues if important traffic is dropped.
And that some traffic (such as spanning tree) cannot be classified out of the class default.
Just looking for some general guidance.
CoPP is really to protect the control plane from DoS-type overload, so the switch can still meet some or all of its control plane requirements. Depending on the nature of an attack toward the network device itself, you might be on a difficult-to-impossible quest to guarantee in-band access, like telnet. Even out-of-band access might have issues.
Like broadcast storm control, often necessary data is policed too.
So, as you're finding, getting CoPP to really work as you think it should can be problematic.
However, that doesn't mean CoPP is without merit; just understand it's sort of a last resort to try to preclude total network failure, and when it engages, you're likely to still have some network issues.
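An added example, not from either poster, of the kind of IOS CoPP policy the original post describes: known control-plane traffic is split into classes that are policed transmit/transmit so the counters can be read without dropping anything, management access gets its own class so it is not competing with class-default, and class-default is the only class that actually drops. The management subnet (10.0.0.0/24), the ACL and class names, and every CIR/bc/be value are placeholders; size them from your own counters. The bc values below follow the common rule of thumb of about 1.5 seconds' worth of traffic at CIR (for 256 kbps, 256000/8 * 1.5 = 48000 bytes); too small a bc is the usual reason a class whose average rate is well under CIR still shows exceed/violate counts.

```cisco
! --- Classification ACLs (addresses are placeholders) ---
ip access-list extended CoPP-MGMT
 permit tcp 10.0.0.0 0.0.0.255 any eq telnet
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
 permit udp 10.0.0.0 0.0.0.255 any eq snmp
!
ip access-list extended CoPP-ROUTING
 permit ospf any any
 permit tcp any eq bgp any
 permit tcp any any eq bgp
 permit eigrp any any
!
ip access-list extended CoPP-ICMP
 permit icmp any any echo
 permit icmp any any echo-reply
 permit icmp any any ttl-exceeded
 permit icmp any any unreachable
!
! --- Class maps ---
class-map match-all CoPP-MGMT
 match access-group name CoPP-MGMT
class-map match-all CoPP-ROUTING
 match access-group name CoPP-ROUTING
class-map match-all CoPP-ICMP
 match access-group name CoPP-ICMP
!
! --- Policy: measure first (transmit/transmit), drop only in class-default ---
policy-map CoPP
 class CoPP-ROUTING
  ! bc = 1.5 s at CIR: 512000/8*1.5 = 96000 bytes; be = 2*bc
  police cir 512000 bc 96000 be 192000 conform-action transmit exceed-action transmit violate-action transmit
 class CoPP-MGMT
  ! 256000/8*1.5 = 48000 bytes
  police cir 256000 bc 48000 be 96000 conform-action transmit exceed-action transmit violate-action transmit
 class CoPP-ICMP
  ! 64000/8*1.5 = 12000 bytes
  police cir 64000 bc 12000 be 24000 conform-action transmit exceed-action transmit violate-action transmit
 class class-default
  ! everything not classified above; the only class that drops
  police cir 1000000 bc 187500 be 375000 conform-action transmit exceed-action drop violate-action drop
!
control-plane
 service-policy input CoPP
!
! --- Reading the counters while tuning ---
! show policy-map control-plane
! clear counters   (then re-read after a known interval to get per-class rates)
```

Read the per-class conformed/exceeded/violated counters over a fixed interval rather than relying on the displayed average rate: a class can average far below CIR and still exceed whenever its traffic arrives in bursts larger than bc, which is what the original poster is seeing. Only once the exceed/violate counters on a transmit/transmit class stay at zero for a representative period, including the periodic bursts from things like routing updates, should that class be switched to exceed-action drop. Traffic that remains in class-default after this (the 70-80% the poster mentions) is worth identifying before class-default is tightened, since that is where anything you did not think of, including the management session, will otherwise be policed.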