Restrictions for CoPP
Restrictions for control plane policing (CoPP) include the following:
-
Only ingress CoPP is supported. The system-cpp-policy policy-map is available on the control plane interface, and only in the ingress direction.
-
Only the system-cpp-policy policy-map can be installed on the control plane interface.
-
The system-cpp-policy policy-map and the system-defined classes cannot be modified or deleted.
-
Only the police action is allowed under the system-cpp-policy policy-map. The police rate for system-defined classes must be configured only in packets per second (pps)
-
One or more CPU queues are part of each class-map. Where multiple CPU queues belong to one class-map, changing the policer rate of a class-map affects all CPU queues that belong to that class-map. Similarly, disabling the policer in a class-map disables all queues that belong to that class-map. See Table: System-Defined Values for CoPP for information about which CPU queues belong to each class-map.
-
Disabling the policer for a system-defined class map is not recommended. That is, do not configure the no police rate rate pps command. Doing so affects the overall system health in case of high traffic towards the CPU. Further, even if you disable the policer rate for a system-defined class map, the systems automatically reverts to the default policer rate after system bootup in order to protect the system bring-up process.
-
The show run command does not display information about classes configured under
system-cpp policy
, when they are left at default values. Use the show policy-map system-cpp-policy or the show policy-map control-plane commands instead.You can continue use the show run command to display information about custom policies.
-
Starting from Cisco IOS XE Fuji 16.8.1a, the creation of user-defined class-maps is not supported.