Restrictions for CoPP
Restrictions for control plane policing (CoPP) include the following:
-
Only ingress CoPP is supported. The system-cpp-policy policy-map is available on the control plane interface, and only in the ingress direction.
-
Only the system-cpp-policy policy-map can be installed on the control plane interface.
-
The system-cpp-policy policy-map and the 17 system-defined classes cannot be modified or deleted.
-
Only the police action is allowed under the system-cpp-policy policy-map. The police rate for system-defined classes must be configured only in packets per second (pps); for user-defined class maps this must be configured only in bits per second (bps).
-
We recommend not disabling the policer for a system-defined class map, that is, do not configure the no police rate rate pps command. Doing so affects the overall system health in case of high traffic towards the CPU. Further, even if you disable the policer rate for a system-defined class map, the system automatically reverts to the default policer rate after system bootup in order to protect the system bring-up process.
-
One or more CPU queues are part of each class-map. Changing the policer rate of a class-map affects all CPU queues that belong to that class-map. Similarly, disabling the policer in a class-map disables all queues that belong to that class-map. See Table 1 for information about which CPU queues belong to each class-map.
-
The show run command does not display information about classes configured under
system-cpp policy
, when they are left at default values. Use the show policy-map system-cpp-policy or the show policy-map control-plane commands instead.You can continue use the show run command to display information about custom policies.
-
Starting from Cisco IOS XE Fuji 16.8.1a, the creation of user-defined class-maps is not supported.