53
OL-11615-01
CoPP Technology Overview
Control Plane Policing (CoPP) protects Catalyst 6500 and 4500 switches by allowing the definition and
enforcement of QoS policies that regulate the traffic processed by the main switch CPU (route or switch
processor). With CoPP, these QoS policies are configured to permit, block, or rate limit the packets
handled by the main CPU.
Packets handled by the main CPU, referred to as control plane traffic, typically include the following:
- Routing protocols
- Packets destined to the local IP address of the router
- Packets from network management protocols, such as SNMP
- Interactive access protocols, such as SSH and Telnet
- Other protocols, such as ICMP, or packets carrying IP options, which might also require handling by the switch CPU
- Layer 2 packets such as BPDU, CDP, DOT1X, and so on
CoPP leverages the modular QoS command-line interface (MQC) for its QoS policy configuration. MQC
allows the classification of traffic into classes, and lets you define and apply distinct QoS policies to
separately rate limit the traffic in each class. MQC lets you divide the traffic destined to the CPU into
multiple classes based on different criteria. For example, four traffic classes could be defined based on
relative importance: critical, normal, undesirable and default. After the traffic classes are defined, a QoS
policy can be defined and enforced for each class according to importance. The QoS policies in each
class can be configured to permit all packets, drop all packets, or drop only those packets exceeding a
specific rate limit.
Note The actual number of classes should be chosen based on local network requirements, security policies, and a thorough analysis of the baseline traffic. Refer to Recommended CoPP Deployment Methodology, page 62, for more information.
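The following is an added example of the four-class MQC layout described above (critical, normal, undesirable and default), written in generic IOS CoPP syntax; it is not a configuration taken from this document. The ACL names, the RFC 5737 documentation addresses used for the routing-neighbor and management subnets, and every police rate and burst value are placeholders chosen for illustration; the real values must come from the baseline traffic analysis the note refers to, and keyword support varies between platforms and software releases.

```cisco
! Added example, not from the Cisco document.
! 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges used as placeholders
! for the routing-neighbor and management subnets respectively.

! --- Step 1: classification ACLs, one per traffic class ---
! Critical: routing protocol traffic from the expected neighbor subnet
ip access-list extended COPP-CRITICAL
 permit ospf 192.0.2.0 0.0.0.255 any
 permit tcp 192.0.2.0 0.0.0.255 any eq bgp
 permit tcp 192.0.2.0 0.0.0.255 eq bgp any

! Normal: management and diagnostic traffic that is expected but should be bounded
ip access-list extended COPP-NORMAL
 permit tcp 198.51.100.0 0.0.0.255 any eq 22
 permit udp 198.51.100.0 0.0.0.255 any eq snmp
 permit icmp any any echo
 permit icmp any any echo-reply

! Undesirable: traffic the CPU should never have to process (fragments as one illustration)
ip access-list extended COPP-UNDESIRABLE
 permit ip any any fragments

! --- Step 2: class-maps binding each ACL to a class ---
class-map match-all COPP-CRITICAL
 match access-group name COPP-CRITICAL
class-map match-all COPP-NORMAL
 match access-group name COPP-NORMAL
class-map match-all COPP-UNDESIRABLE
 match access-group name COPP-UNDESIRABLE

! --- Step 3: policy-map giving each class one of the three actions ---
! (rates are bits per second, bursts are bytes; all values are placeholders)
policy-map COPP-POLICY
 ! permit all: exceed-action transmit never drops, but the policer still counts,
 ! so the observed rate can be read back before a real limit is chosen
 class COPP-CRITICAL
  police 125000 1000 1000 conform-action transmit exceed-action transmit
 ! rate limit: packets above the rate are dropped
 class COPP-NORMAL
  police 50000 1000 1000 conform-action transmit exceed-action drop
 ! drop all: both actions drop, so the class only counts what it discards
 class COPP-UNDESIRABLE
  police 32000 1000 1000 conform-action drop exceed-action drop
 ! default: everything not matched above is rate limited rather than left unbounded
 class class-default
  police 100000 1000 1000 conform-action transmit exceed-action drop

! --- Step 4: attach the policy to the control plane, matching CoPP's
! position after the forwarding decision and before the CPU ---
control-plane
 service-policy input COPP-POLICY
```

After applying the policy, `show policy-map control-plane` shows per-class conformed and exceeded counters; reading those counters with the critical class still set to exceed-action transmit is how the placeholder rates above would be replaced with values justified by the baseline.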
Functionally, Catalyst 6500 and 4500 Series switches implement CoPP in a similar fashion. CoPP comes
into play right after the switching or the routing decision, and before traffic is forwarded to the control
plane. When CoPP is enabled, at a high level the sequence of events is as follows:
1. A packet enters the switch configured with CoPP on the ingress port.
2. The port performs any applicable input port and QoS services.
3. The packet gets forwarded to the switch CPU.
4. The switch CPU makes a routing or a switching decision, determining whether or not the packet is
destined to the control plane.
5. Packets destined for the control plane are processed by CoPP, and are dropped or delivered to the
control plane according to each traffic class policy. Packets that have other destinations are
forwarded normally.
As previously stated, the Catalyst 6500 and Catalyst 4500 Series switches implement CoPP similarly.
However, CoPP has been enhanced on both platforms to leverage the benefits of their hardware
architectures, and as a result each platform provides unique features. The following sections provide
information on CoPP implementations on Catalyst 6500 and Catalyst 4500 Series switches.