Re: CoPP - Question

that's interested...

so I mean with CoPP the router itself will be secured ?!
If I understand it right the traffic going through the router will also going through the control-plane !?
If so I also consider the routing traffic not directly decided to THIS router ?!

Can you confirm this ?

Dennis

-------- Original-Nachricht --------
> Datum: Sun, 14 Feb 2010 11:23:47 -0300
> Von: Carlos G Mendioroz <tron_at_huapi.ba.ar>
> An: ccie_ka_at_gmx.de
> CC: Scott Morris <smorris_at_ine.com>, ccielab_at_groupstudy.com
> Betreff: Re: CoPP - Question

> Small detail, and may be I'll be confusing, but the traffic is not
> necessarily going TO your router, but your router is needed in its
> processing. The punted traffic (the traffic that somehow gets process
> switched) is also going to be CoPP policed.
>
> -Carlos
>
> ccie_ka_at_gmx.de @ 14/02/2010 11:01 -0300 dixit:
> > Thanks for the explanation Scott...
> > The traffic should be destined _to_ the router!
> >
> > While learning (and reading about CoPP) I have more questions...:-))
> >
> > First of all how can I classify routing protocols with access-list.
> > I have the following list defined but I'm not sure if this is the right
> solution ??
> >
> > Router1
> > !OSPF
> > ip access-list ospf
> > deny ospf any host x.x.x.x
> > deny ospf any host 224.0.0.5
> > deny ospf any host 224.0.0.6
> >
> > !eigrp
> > ip access-list eigrp
> > deny eigrp any host x.x.x.x
> > deny udp any host 224.0.0.10
> >
> > ip access-list bgp
> > deny tcp any host x.x.x.x eq 179 <- this is the local router
> > deny tcp any eq 179 19.19.y.y <- this is the bgp peer
> > deny tcp any eq 179 19.19.y.y
> >
> >
> > I'm not sure if I also need more commands for eigrp ?!
> >
> > Dennis
> > -------- Original-Nachricht --------
> >> Datum: Sun, 14 Feb 2010 08:31:23 -0500
> >> Von: Scott Morris <smorris_at_ine.com>
> >> An: ccie_ka_at_gmx.de
> >> CC: ccielab_at_groupstudy.com
> >> Betreff: Re: CoPP - Question
> >
> >> If it is flowing THROUGH your router, that would be data plane, not
> >> control plane. (and BGP is the only multihop one you can do that with)
> >>
> >> But otherwise, what kind of detail are you looking for? The object is
> to
> >> control/limit how much stuff is thrown at your router that the router
> >> itself has to actually process. Like most things, you'll start with
> >> something like is on the web and tweak it from there based on your
> >> particular needs. YMMV.
> >>
> >> Scott Morris, CCIEx4 (R&S/ISP-Dial/Security/Service Provider) #4713,
> >>
> >> JNCIE-M #153, JNCIS-ER, CISSP, et al.
> >>
> >> JNCI-M, JNCI-ER
> >>
> >> evil_at_ine.com
> >>
> >> Internetwork Expert, Inc.
> >>
> >> http://www.InternetworkExpert.com
> >>
> >> Toll Free: 877-224-8987
> >>
> >> Outside US: 775-826-4344
> >>
> >> Knowledge is power.
> >>
> >> Power corrupts.
> >>
> >> Study hard and be Eeeeviiiil......
> >>
> >> ccie_ka_at_gmx.de wrote:
> >>
> >> Hi Group,
> >>
> >> I'm currently working with CoPP.
> >> I also read the the Cisco Documents about this stuff,
> >>
> >> Is there any good documentation in the web which explains this in
> detail
> >> ...let's say I must limit routing protocols like ospf, eigrp and bgp.
> >> How can I restrict this protocols...from flowing through a specified
> >> router..
> >>
> >> Dennis
> >>
> >>
> >> Blogs and organic groups at http://www.ccie.net
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >>
> >>
> >>
> >>
> >>
> >>
> >
>
> --
> Carlos G Mendioroz <tron_at_huapi.ba.ar> LW7 EQI Argentina
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>

-- 
Sicherer, schneller und einfacher. Die aktuellen Internet-Browser -
jetzt kostenlos herunterladen! http://portal.gmx.net/de/go/chbrowser
Blogs and organic groups at http://www.ccie.net