交换机 : Cisco Nexus 5000 系列交换机

连结5500 CoPP类

2016 年 10 月 25 日 - 机器翻译
其他版本: PDFpdf | 英语 (2015 年 8 月 22 日) | 反馈

简介

本文描述连结,并且流量类型匹配对每类的5500控制层面保护(CoPP)类。

贡献用查尔斯优素福, Cisco TAC工程师。

背景信息

CoPP在连结5500介绍通过NX-OS版本5.1(3)。CoPP在连结仅55xx实现。它不是可用的在连结50x0。

连结5500 CoPP类和他们的流量类型

连结5500提供非常对CoPP的限制管理与连结7000比较。连结5500 CoPP策略不可能完全删除。用户选择在三项预定义的策略之间或者能创建在的情况下的客户化策略CoPP类不可能从策略映射删除。仅承诺信息速率(CIR)速率/突发流量大小可以编辑。并且新的CoPP类映射不可以定义。

可能的CoPP策略映射是:

  • CoPP系统策略默认
  • copp-system-policy-scaled-l2
  • copp-system-policy-scaled-l3
  • CoPP系统策略自定义

策略映射名称是明显的。仅一四项策略可以应用在时光。所有策略删除自动地运用默认策略。


只CoPP系统策略定制能编辑。如果尝试编辑前三项策略,错误返回:

Switch(config)# policy-map type control-plane copp-system-policy-scaled-l2
ERROR: Only copp-system-policy-customized can be modified
Switch(config)#

CoPP类

所有类映射使用Match protocol语句。

类映射在运行的配置没出现。在running-config显示的唯一的CoPP相关配置是非默认定制的策略映射设置。例如:

Switch# sh run copp
!Command: show running-config copp
!Time: Tue Apr 30 20:20:00 2013

version 5.2(1)N1(2)
logging level copp 4
policy-map type control-plane copp-system-policy-customized
  class copp-system-class-arp
    police cir 5000 kbps bc 3600000 bytes
  class copp-system-class-default
    police cir 2048 kbps bc 6400000 bytes
control-plane
  service-policy input copp-system-policy-customized

Switch#

CoPP类映射可以用show class-map类型控制面板show policy-map interface控制面板检查。说明在每匹配语句旁边提供:

Switch# show policy-map interface control-plane | i class-map|match    class-map copp-system-class-igmp (match-any)
      match protocol igmp  --> Matches on IGMP IP protocol number (2)
    class-map copp-system-class-pim-hello (match-any)
      match protocol pim --> Matches on PIM IP protocol number (103)
    class-map copp-system-class-bridging (match-any)
      match protocol bridging --> Matches on STP BPDUs
   class-map copp-system-class-arp (match-any)
      match protocol arp --> Matches on ARP Ethertype (0x806)
    class-map copp-system-class-dhcp (match-any)
      match protocol dhcp --> Matches on DHCP UDP port number (67, 68)
    class-map copp-system-class-mgmt (match-any)
      match protocol mgmt. --> Matches on Telnet, SSH, HTTP, SNMP, FTP,
      NTP using their well-known ports
    class-map copp-system-class-lacp (match-any)
      match protocol lacp --> Matches LACP BPDU address and Ethertype
     (01-80-C2-00-00-02, 0�8809)
    class-map copp-system-class-lldp (match-any)
      match protocol lldp_dcx --> Matches on LLDP ethertype (0x88CC)
    class-map copp-system-class-udld (match-any)
      match protocol udld --> Matches on UDLD destination address
    class-map copp-system-class-isis (match-any)
      match protocol isis_dce --> Matches on ISIS Ethertype
    class-map copp-system-class-msdp (match-any)
      match protocol msdp --> Matches on MSDP TCP port (639)
    class-map copp-system-class-cdp (match-any)
      match protocol cdp --> Matches on CDP destination address 0100.0ccc.cccc
    class-map copp-system-class-fip (match-any)
      match protocol fip --> Matches on FIP ethertype (0x8914)
    class-map copp-system-class-bgp (match-any)
      match protocol bgp --> Matches on BGP TCP port number (179)
    class-map copp-system-class-eigrp (match-any)
      match protocol eigrp --> Matches on EIGRP IP Protocol number (88)
    class-map copp-system-class-exception (match-any)
      match protocol exception --> IP options, Martian packets (same src and dst addresses)
    class-map copp-system-class-glean (match-any)
      match protocol glean --> Matches on Adjacency lookup miss 
    class-map copp-system-class-hsrp-vrrp (match-any)
      match protocol hsrp_vrrp --> Matches on HSRP & VRRP Destination IP  
    class-map copp-system-class-icmp-echo (match-any)
      match protocol icmp_echo --> Matches on ICMP type for echo
    class-map copp-system-class-ospf (match-any)
      match protocol ospf --> Matches on OSPF IP Protocol number (89)
    class-map copp-system-class-pim-register (match-any)
      match protocol reg --> Matches on PIM register packets
    class-map copp-system-class-rip (match-any)
      match protocol rip --> Matches on RIP UDP Port (520)
    class-map copp-system-class-l3dest-miss (match-any)
      match protocol unicast --> Miss in UFIB Lookup
    class-map copp-system-class-mcast-miss (match-any)
      match protocol multicast --> Miss in MFIB Lookup
    class-map copp-system-class-excp-ip-frag (match-any)
      match protocol ip_frag --> Matches on MTU-exceeded traffic
    class-map copp-system-class-excp-same-if (match-any)
      match protocol same-if --> Matches traffic to be sent via same ingress interface
    class-map copp-system-class-excp-ttl (match-any)
      match protocol ttl --> Matches on TTL=0/1
    class-map copp-system-class-default (match-any)
      match protocol default --> Matches packets not matched by previous classes
Switch#

CoPP类映射在版本5.2在IPv6控制数据包副本被增添配比:

class-map type control-plane match-any copp-system-class-arp
      match protocol nd
class-map type control-plane match-any copp-system-class-eigrp
      match protocol eigrp6
class-map type control-plane match-any copp-system-class-hsrp-vrrp
      match protocol hsrp6
class-map type control-plane match-any copp-system-class-ospf
      match protocol ospf3


Document ID: 116270