Configuring Copp For Ospfv3 - Dell Force10 Z9000 Configuration Manual
Hide thumbs
Also See for Force10 Z9000:
- Reference manual (1483 pages) ,
- Configuration manual (984 pages) ,
- Manual (56 pages)
Table of Contents
Advertisement
CPU
Weights
Queue
5
16
6
16
7
64
8
32
9
64
10
32
11
32
Catch-All Entry for IPv6 Packets
Dell Networking OS currently supports configuration of IPv6 subnets greater than /64 mask length, but the agent writes it to the
default LPM table where the key length is 64 bits. The device supports table to store up to 256 subnets of maximum of /128 mask
lengths. This can be enabled and agent can be modified to update the /128 table for mask lengths greater than /64. This will restrict
the subnet sizes to required optimal level which would avoid these NDP attacks. The IPv6 stack already supports handling of >/64
subnets and doesn't require any additional work. The default catch-all entry is put in the LPM table for IPv4 and IPv6. If this is
included for IPv6, you can disable this capability by using the no ipv6 unknown-unicast command. Typically, the catch-all
entry in LPM table is used for soft forwarding and generating ICMP unreachable messages to the source. If this is in place then
irrespective of whether it is </64 subnet or >/64 subnet, it doesn't have any effect as there would always be LPM hit and traffic are
sent to CPU.
Unknown unicast L3 packets are terminated to the CPU CoS queue which is also shared for other types of control-plane packets like
ARP Request, Multicast traffic, L3 packets with Broadcast MAC address. The catch-all route poses a risk of overloading the CPU
with unknown unicast packets. This CLI knob to turn off the catch-all route is of use in networks where the user does not want to
generate Destination Unreachable messages and have the CPU queue's bandwidth available for higher priority control-plane traffic.
Configuring CoPP for OSPFv3
You can create an IPv6 ACL for control-plane traffic policing for OSPFv3, in addition to the CoPP support for VRRPv3, BGPv6, and
ICMPv6. This functionality is supported on the S4810, S4820T, S6000, MXL, and Z9000 platforms. You can use the ipv6
access-list name cpu-qos permit ospfv3 or the ipv6 access-list name cpu-qos ospfv3 command to allow
CoPP traffic for OSPFv3. The control plane management support for IPv6 ICMPv6 packets is enhanced to enable more number of
CPU queues on port to be available and other COPP improvements have been implemented.
To configure control-plane policing, perform the following:
1.
Create an IPv6 ACL for control-plane traffic policing for ospfv3.
CONFIGURATION mode
Dell(conf)#ipv6 access-list ospfv3 cpu-qos
Dell(conf-ipv6-acl-cpuqos)#permit ospf
2.
Create a QoS input policy for the router and assign the policing.
CONFIGURATION mode
Dell(conf)#qos-policy-input ospfv3_rate cpu-qos
Rate (pps)
300
ARP Request, NS, RS, iSCSI OPT Snooping
400
ICMP, ARP Reply, NTP, Local terminated L3, NA, RA,ICMPv6 (other Than NDP
and MLD)
400
xSTP, FRRP, LACP,
802.1x,ECFM,L2PT,TRILL, Open
flow
400
PVST, LLDP, GVRP, FCOE,
FEFD, Trace flow
600
OSPF, ISIS, RIPv2, BGP
300
DHCP, VRRP
300
PIM, IGMP, MSDP, MLD
Protocol
Control Plane Policing (CoPP)
217
Advertisement
Table of Contents
Troubleshooting
