Reference Guide
Control-plane policing
Control-plane policing (CoPP) increases security on the system by protecting the route processor from unnecessary trac and giving
priority to important control plane and management trac. CoPP uses a dedicated control plane conguration through the QoS CLIs to set
rate-limiting capabilities for control plane packets.
If the rate of control packets towards the CPU is higher than the packet rate that the CPU can handle, CoPP provides a method to
selectively drop some of the control trac so that the CPU can process high-priority control trac. You can use CoPP to rate-limit trac
through each CPU port queue of the network processor (NPU).
CoPP applies policy actions on all control-plane trac. The control-plane class map does not use any match criteria. To enforce rate-limiting
or rate policing on control-plane trac, create policy maps. You can use the control-plane command to attach the CoPP service
policies directly to the control-plane.
The default rate limits apply to 12 CPU queues and the protocols mapped to each CPU queue. The control packet type to CPU ports
control queue assignment is xed. The only way you can limit the trac towards the CPU is choose a low priority queue, and apply rate-
limits on that queue to nd a high rate of control trac owing through that queue.
By default CoPP trac towards the CPU is classied into dierent queues as shown in the following table.
Table 36. CoPP queues
Queue Protocol
0 IPv6
1
2 IGMP
3 VLT, NDS
4 ICMPv6, ICMPv4
5 ARP Requet, ICMPV6-RS-NS, ISCSI snooping, ISCSI-COS
6 ICMPv6-RA-NA, SSH, TELNET,TACACS, NTP,FTP
7 RSTP,PVST, MSTP,LACP
8 Dot1X,LLDP, FCOE-FPORT
9 BGPv4, OSPFv6
10 DHCPv6, DHCPv4, VRRP
11 OSPF Hello, OpenFlow
See show control-plane info for information on the current protocol to queue mapping and the rate-limit congured per queue.
Quality of service
669