OSI:CoPP

Z HelpDesk
Verze z 24. 10. 2024, 13:21, kterou vytvořil Simekm (diskuse | příspěvky) (→‎Konfigurace CoPP)
(rozdíl) ← Starší verze | zobrazit aktuální verzi (rozdíl) | Novější verze → (rozdíl)

Control Plane Policing - CoPP

Vytvoření nového CoPP na základě moderate

copp copy profile moderate prefix WEBnet

Konfigurace CoPP

policy-map type control-plane WEBnet-copp-policy-moderate
 class WEBnet-copp-class-l3uc-data
   set cos 1
   logging drop threshold 50 level 1
   ! 384mb/2m, moderate 800kb/32000
   police cir 384 mbps bc 2 mbytes conform transmit violate drop
 class WEBnet-copp-class-critical
   set cos 7
   logging drop threshold 50 level 1
   police cir 36000 kbps bc 1920000 bytes conform transmit violate drop
 class WEBnet-copp-class-important
   set cos 6
   logging drop threshold 50 level 1
   police cir 2500 kbps bc 1920000 bytes conform transmit violate drop
 class WEBnet-copp-class-openflow
   set cos 5
   logging drop threshold 50 level 1
   police cir 1000 kbps bc 48000 bytes conform transmit violate drop
 class WEBnet-copp-class-multicast-router
   set cos 6
   logging drop threshold 50 level 1
   police cir 2600 kbps bc 192000 bytes conform transmit violate drop
 class WEBnet-copp-class-multicast-host
   set cos 1
   logging drop threshold 50 level 1
   police cir 1000 kbps bc 192000 bytes conform transmit violate drop
 class WEBnet-copp-class-l3mc-data
   set cos 1
   logging drop threshold 50 level 1
   ! 12800kb/128000, moderate 2400kb/32000
   police cir 12800 kbps bc 128000 bytes conform transmit violate drop
 class WEBnet-copp-class-normal
   set cos 1
   logging drop threshold 50 level 1
   ! 19200kb/384000, moderate 1400kb/48000
   police cir 19200 kbps bc 384000 bytes conform transmit violate drop
 class WEBnet-copp-class-ndp
   set cos 6
   logging drop threshold 50 level 1
   ! 1600kb/96000, moderate 1400/48000
   police cir 1600 kbps bc 96000 bytes conform transmit violate drop
 class WEBnet-copp-class-normal-dhcp
   set cos 1
   logging drop threshold 50 level 1
   police cir 1300 kbps bc 48000 bytes conform transmit violate drop
 class WEBnet-copp-class-normal-dhcp-relay-response
   set cos 1
   logging drop threshold 50 level 1
   police cir 1500 kbps bc 96000 bytes conform transmit violate drop
 class WEBnet-copp-class-normal-igmp
   set cos 3
   logging drop threshold 50 level 1
   ! 10000kb/96000, moderate 3000kb/64000
   police cir 10000 kbps bc 96000 bytes conform transmit violate drop
 class WEBnet-copp-class-redirect
   set cos 1
   logging drop threshold 50 level 1
   police cir 280 kbps bc 48000 bytes conform transmit violate drop
 class WEBnet-copp-class-exception
   set cos 1
   logging drop threshold 50 level 1
   police cir 150 kbps bc 48000 bytes conform transmit violate drop
 class WEBnet-copp-class-exception-diag
   set cos 1
   logging drop threshold 50 level 1
   ! 320kb/48000, moderate 150kb/48000
   police cir 320 kbps bc 48000 bytes conform transmit violate drop
 class WEBnet-copp-class-management
   set cos 2
   logging drop threshold 50 level 1
   police cir 36000 kbps bc 640000 bytes conform transmit violate drop
 class WEBnet-copp-class-monitoring
   set cos 1
   logging drop threshold 50 level 1
   police cir 360 kbps bc 192000 bytes conform transmit violate drop
 class WEBnet-copp-class-l2-unpoliced
   set cos 7
   logging drop threshold 50 level 1
   police cir 50 mbps bc 8192000 bytes conform transmit violate drop
 class WEBnet-copp-class-undesirable
   set cos 0
   logging drop threshold 50 level 1
   ! 50mb/256k, moderate 200kb/48000
   police cir 50 mbps bc 256 kbytes conform transmit violate drop
 class WEBnet-copp-class-fcoe
   set cos 6
   logging drop threshold 50 level 1
   police cir 39930 kbps bc 907500 bytes conform transmit violate drop
 class WEBnet-copp-class-nat-flow
   set cos 7
   logging drop threshold 50 level 1
   police cir 800 kbps bc 64000 bytes conform transmit violate drop
 class WEBnet-copp-class-l3mcv6-data
   set cos 1
   logging drop threshold 50 level 1
   police cir 2400 kbps bc 32000 bytes conform transmit violate drop
 class WEBnet-copp-class-undesirablev6
   set cos 0
   logging drop threshold 50 level 1
   police cir 200 kbps bc 48000 bytes conform transmit violate drop
 class WEBnet-copp-class-l2-default
   set cos 0
   logging drop threshold 50 level 1
   police cir 400 kbps bc 48000 bytes conform transmit violate drop
 class class-default
   set cos 0
   logging drop threshold 50 level 1
   ! 64mb/256k, moderate 400kb/8000
   police cir 64 mbps bc 256 kbytes conform transmit violate drop

Nastavení nového CoPP jako systémového

control-plane
 service-policy input WEBnet-copp-policy-moderate

Zobrazení stavu

Zobrazení stavu CoPP

show policy-map interface control-plane

Vynulování čítačů

clear copp statistics

Zobrazení pouze dropujících záznamů (proti předchozímu spuštění stejného příkazu)

show policy-map interface control-plane | grep 'dropped [1-9]' | diff

Zobrazení hardwarových rate-limiterů

show hardware rate-limiter

Vynulování čítačů hardwarových rate-limiterů

clear hardware rate-limiter all

Odkazy

Monitoring and Troubleshooting Nexus 9000 Switches

Modifying Control Plane Policying to Protect Routing Neighbors

How to Verify CoPP Policy and Drops in Cisco NX-OS

Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.3(x) Chapter: Configuring Control Plane Policing