Cisco Nexus 5000 Series Switches

Nexus 5500 CoPP Classes

Document ID: 116270

Updated: Jul 11, 2013

Contributed by Charles Youssef, Cisco TAC Engineer.

Introduction

This document describes the Nexus 5500 Control Plane Protection (CoPP) classes and which type of traffic is matched to each class.

Background Information

CoPP was introduced on Nexus 5500 via NX-OS Release 5.1(3). CoPP is implemented on Nexus 55xx only. It is not available on Nexus 50x0.

Nexus 5500 CoPP Classes and their Traffic Types

Nexus 5500 provides very limited control over CoPP compared to Nexus 7000. The Nexus 5500 CoPP policy cannot be completely removed. A user can choose between three predefined policies or create a customized policy, with the restriction that CoPP classes cannot be removed from the policy-map. Only the Committed Information Rate (CIR) and burst size can be edited, and no new CoPP class-maps can be defined.

Possible CoPP policy-maps are:

  • copp-system-policy-default
  • copp-system-policy-scaled-l2
  • copp-system-policy-scaled-l3
  • copp-system-policy-customized

Policy-map names are self-explanatory. Only one of the four policies can be applied at a time. Removing any policy automatically applies the default policy.


Only copp-system-policy-customized can be edited. If you attempt to edit the first three policies, an error is returned:

Switch(config)# policy-map type control-plane copp-system-policy-scaled-l2
ERROR: Only copp-system-policy-customized can be modified
Switch(config)#

CoPP Classes

All class-maps use match protocol statements.

The class-maps do not show up in the running configuration. The only CoPP-related configuration that shows in the running-config is the non-default customized policy-map config. For example:

Switch# sh run copp
!Command: show running-config copp
!Time: Tue Apr 30 20:20:00 2013

version 5.2(1)N1(2)
logging level copp 4
policy-map type control-plane copp-system-policy-customized
  class copp-system-class-arp
    police cir 5000 kbps bc 3600000 bytes
  class copp-system-class-default
    police cir 2048 kbps bc 6400000 bytes
control-plane
  service-policy input copp-system-policy-customized

Switch#
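
The following Python script is an added example, not part of the original Cisco document: it parses show running-config copp output in the layout shown above and reports the applied policy, the per-class CIR/burst overrides, and any inconsistencies. The name parse_copp, the sample text, and the rule that a missing service-policy line means the default policy is in effect are assumptions made for illustration.

```python
import re

# Policy-map names listed in this document; only the customized one is editable.
POLICIES = {"copp-system-policy-default", "copp-system-policy-scaled-l2",
            "copp-system-policy-scaled-l3", "copp-system-policy-customized"}
EDITABLE = "copp-system-policy-customized"

# Constructed sample in the layout of the "show running-config copp" output above.
SAMPLE = """\
version 5.2(1)N1(2)
logging level copp 4
policy-map type control-plane copp-system-policy-customized
  class copp-system-class-arp
    police cir 5000 kbps bc 3600000 bytes
  class copp-system-class-default
    police cir 2048 kbps bc 6400000 bytes
control-plane
  service-policy input copp-system-policy-customized
"""

def parse_copp(text):
    """Return (applied_policy, {class: (cir_kbps, bc_bytes)}, findings)."""
    applied, overrides, findings = None, {}, []
    policy = cls = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"policy-map type control-plane (\S+)", line):
            policy, cls = m.group(1), None
            if policy != EDITABLE:
                findings.append(f"unexpected policy-map in config: {policy}")
        elif m := re.fullmatch(r"class (copp-system-class-\S+)", line):
            cls = m.group(1)
        elif m := re.fullmatch(r"police cir (\d+) kbps bc (\d+) bytes", line):
            if policy and cls:
                overrides[cls] = (int(m.group(1)), int(m.group(2)))
        elif m := re.fullmatch(r"service-policy input (\S+)", line):
            applied = m.group(1)
            if applied not in POLICIES:
                findings.append(f"unknown CoPP policy applied: {applied}")
    # Assumption: no service-policy line means the default policy is in effect.
    applied = applied or "copp-system-policy-default"
    if overrides and applied != EDITABLE:
        findings.append("customized rates are configured but not applied")
    return applied, overrides, findings

if __name__ == "__main__":
    print(parse_copp(SAMPLE))
```

Only the police line form shown in this document (cir in kbps, bc in bytes) is recognized; other unit spellings are ignored by this example.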

CoPP class-maps can be checked with show class-map type control-plane or show policy-map interface control-plane. A description is provided next to each match statement:

Switch# show policy-map interface control-plane | i class-map|match
    class-map copp-system-class-igmp (match-any)
      match protocol igmp  --> Matches on IGMP IP protocol number (2)
    class-map copp-system-class-pim-hello (match-any)
      match protocol pim --> Matches on PIM IP protocol number (103)
    class-map copp-system-class-bridging (match-any)
      match protocol bridging --> Matches on STP BPDUs
    class-map copp-system-class-arp (match-any)
      match protocol arp --> Matches on ARP Ethertype (0x806)
    class-map copp-system-class-dhcp (match-any)
      match protocol dhcp --> Matches on DHCP UDP port number (67, 68)
    class-map copp-system-class-mgmt (match-any)
      match protocol mgmt. --> Matches on Telnet, SSH, HTTP, SNMP, FTP,
      NTP using their well-known ports
    class-map copp-system-class-lacp (match-any)
      match protocol lacp --> Matches LACP BPDU address and Ethertype
      (01-80-C2-00-00-02, 0x8809)
    class-map copp-system-class-lldp (match-any)
      match protocol lldp_dcx --> Matches on LLDP ethertype (0x88CC)
    class-map copp-system-class-udld (match-any)
      match protocol udld --> Matches on UDLD destination address
    class-map copp-system-class-isis (match-any)
      match protocol isis_dce --> Matches on ISIS Ethertype
    class-map copp-system-class-msdp (match-any)
      match protocol msdp --> Matches on MSDP TCP port (639)
    class-map copp-system-class-cdp (match-any)
      match protocol cdp --> Matches on CDP destination address 0100.0ccc.cccc
    class-map copp-system-class-fip (match-any)
      match protocol fip --> Matches on FIP ethertype (0x8914)
    class-map copp-system-class-bgp (match-any)
      match protocol bgp --> Matches on BGP TCP port number (179)
    class-map copp-system-class-eigrp (match-any)
      match protocol eigrp --> Matches on EIGRP IP Protocol number (88)
    class-map copp-system-class-exception (match-any)
      match protocol exception --> IP options, Martian packets (same src and dst addresses)
    class-map copp-system-class-glean (match-any)
      match protocol glean --> Matches on Adjacency lookup miss 
    class-map copp-system-class-hsrp-vrrp (match-any)
      match protocol hsrp_vrrp --> Matches on HSRP & VRRP Destination IP  
    class-map copp-system-class-icmp-echo (match-any)
      match protocol icmp_echo --> Matches on ICMP type for echo
    class-map copp-system-class-ospf (match-any)
      match protocol ospf --> Matches on OSPF IP Protocol number (89)
    class-map copp-system-class-pim-register (match-any)
      match protocol reg --> Matches on PIM register packets
    class-map copp-system-class-rip (match-any)
      match protocol rip --> Matches on RIP UDP Port (520)
    class-map copp-system-class-l3dest-miss (match-any)
      match protocol unicast --> Miss in UFIB Lookup
    class-map copp-system-class-mcast-miss (match-any)
      match protocol multicast --> Miss in MFIB Lookup
    class-map copp-system-class-excp-ip-frag (match-any)
      match protocol ip_frag --> Matches on MTU-exceeded traffic
    class-map copp-system-class-excp-same-if (match-any)
      match protocol same-if --> Matches traffic to be sent via same ingress interface
    class-map copp-system-class-excp-ttl (match-any)
      match protocol ttl --> Matches on TTL=0/1
    class-map copp-system-class-default (match-any)
      match protocol default --> Matches packets not matched by previous classes
Switch#

CoPP class-maps have been augmented in Release 5.2 to also match the IPv6 counterparts of these control packets:

class-map type control-plane match-any copp-system-class-arp
      match protocol nd
class-map type control-plane match-any copp-system-class-eigrp
      match protocol eigrp6
class-map type control-plane match-any copp-system-class-hsrp-vrrp
      match protocol hsrp6
class-map type control-plane match-any copp-system-class-ospf
      match protocol ospf3