Control Plane Policing Overview; Supported Protocols - Cisco ASR 900 Series Configuration Manual
Aggregation services router qos: policing and shaping configuration guide, cisco ios xe release 3s
Hide thumbs
Also See for ASR 900 Series:
- Release notes (310 pages) ,
- Manual (174 pages) ,
- Configuration manual (172 pages)
Table of Contents
Advertisement
Control Plane Policing
Control Plane Policing Overview
To protect the control plane on a router from DoS attacks and to provide fine-control over the traffic to the
control plane, the Control Plane Policing feature treats the control plane as a separate entity with its own
interface for ingress (input) and egress (output) traffic. This interface is called the punt/inject interface, and
it is similar to a physical interface on the router. Along this interface, packets are punted from the forwarding
plane to the RP (in the input direction) and injected from the RP to the forwarding plane (in the output direction).
A set of quality of service (QoS) rules can be applied on this interface (in the input direction) in order to
achieve CoPP.
These QoS rules are applied only after the packet has been determined to have the control plane as its
destination. You can configure a service policy (QoS policy map) to prevent unwanted packets from progressing
after a specified rate limit has been reached; for example, a system administrator can limit all TCP/TELNET
packets that are destined for the control plane.
Figure 1: Abstract Illustration of a Router with a Single RP and Forwarding Plane
The figure above provides an abstract illustration of the router with a single RP and forwarding plane. Packets
destined to the control plane come in through the carrier card and then go through the forwarding plane before
being punted to the RP. When an input QoS policy map is configured on the control plane, the forwarding
plane performs the QoS action (for example, a transmit or drop action) before punting packets to the RP in
order to achieve the best protection of the control plane in the RP.
As shown in "Control Plane Policing Overview" section, the control plane interface is directly connected
Note
to the RP, so all traffic through the control plane interface to or from the control-plane is not subject to
the CoPP function performed by the forwarding plane.
Supported Protocols
The following table lists the protocols supported on Control Plane Policing feature.
QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
Control Plane Policing Overview
39
Advertisement
Table of Contents
