RE: CONTROL PLANE POLICING OR RATE LIMITING POLICING?

From: Scott Morris (smorris@ipexpert.com)
Date: Wed Mar 26 2008 - 23:17:55 ART

• Next message: Scott Morris: "RE: Under the desk.."
• Previous message: Shine Joseph: "RE: How to disable SNMP trap for Virtual-Access interface"
• Maybe in reply to: Carlos Trujillo: "CONTROL PLANE POLICING OR RATE LIMITING POLICING?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

While I have not specifically tried that, I'd be VERY surprised if it did
work for it. :) "processed" for no route-cache means a Route Table lookup.
"processed" for things like BGP, telnet, syslog, tftp, etc. means L7
processing.
 
HTH,
 
Scott

  _____

From: Daniel Valle [mailto:danielfrvalle@gmail.com]
Sent: Wednesday, March 26, 2008 4:23 PM
To: Scott Morris
Cc: Carlos Trujillo; ccielab@groupstudy.com
Subject: Re: CONTROL PLANE POLICING OR RATE LIMITING POLICING?

Hi Scott,
 
when you say pocessed by the router, if we set all interfaces to "no ip
route-cache" all packets through the router would be also processed. In that
case would Control pane also work for those transit packets ?
 
 
Thanks in advance,
 
Daniel

 
On 3/25/08, Scott Morris <smorris@ipexpert.com> wrote:

The control plane represents packets PROCESSED by the router. So if things
are "destined" for the router's IP addresses themselves, COPP would be the
likely solution.

If this is about things going THROUGH the router then standard rate-limiting
would be the choice.

I think the wording is a little vague for that example, so it would either
beg asking the proctor a clarification question, or look at other tasks
right around it to gain more context.

HTH,

Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE-M
#153, JNCIS-ER, CISSP, et al.
CCSI/JNCI-M/JNCI-ER
VP - Technical Training - IPexpert, Inc.
IPexpert Sr. Technical Instructor

smorris@ipexpert.com

Telephone: +1.810.326.1444
Fax: +1.810.454.0130
http://www.ipexpert.com

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Carlos Trujillo
Sent: Tuesday, March 25, 2008 11:08 AM
To: ccielab@groupstudy.com
Subject: CONTROL PLANE POLICING OR RATE LIMITING POLICING?

Hi Group.

Im trying to figure when to use Control Plane policing applied in the
control plane of the router or instead use rate-limiting applied in a
interface of the router. I have 2 solutions to a question, and Please if
someone can help me clarify what is the correct solution may I employ, or if
both solutions work fine according to the following requirements:

Let see my example:

Configure R1 so that it limits traffic to 8000k destined to all of its
interfaces.

---------ETH0/0[ROUTER-1]ETH0/1-------

eth0/0
ip address 1.1.1.1 255.255.255.0

eth 0/1
ip address 2.2.2.2 255.255.255.0

****** SOLUTION 1:

access-list 101 permit ip any host 1.1.1.1 access-list 101 permit ip any
host 2.2.2.2

int eth 0/0
rate-limit input access-group 101 8000 1500 2000 conform-action transmit
exceed-action drop

int eth 0/1
rate-limit input access-group 101 8000 1500 2000 conform-action transmit
exceed-action drop

*******SOLUTION 2:

class-map control-plane-class
match access-group 101

policy-map control-plane-policy
class control-plane-class
police 8000 conform-action transmit exceed-action drop

• Next message: Scott Morris: "RE: Under the desk.."
• Previous message: Shine Joseph: "RE: How to disable SNMP trap for Virtual-Access interface"
• Maybe in reply to: Carlos Trujillo: "CONTROL PLANE POLICING OR RATE LIMITING POLICING?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Apr 01 2008 - 07:53:54 ART