Re: CoPP - Question

ccie_ka_at_gmx.de @ 14/02/2010 12:07 -0300 dixit:
> that's interested...
>
> so I mean with CoPP the router itself will be secured ?!

That's the idea.

> If I understand it right the traffic going through the
> router will also going through the control-plane !?

Hmm, that's the confusing part.
Traffic going through is not usually considered control-plane, but
some will need to be taken care by the router processor.
On the other side, MOST traffic going through should not take this path.

> If so I also consider the routing traffic not directly decided to THIS router ?!

I don't understand this phrase. Sorry.
-Carlos
>
> Can you confirm this ?
>
> Dennis
>
>
> -------- Original-Nachricht --------
>> Datum: Sun, 14 Feb 2010 11:23:47 -0300
>> Von: Carlos G Mendioroz <tron_at_huapi.ba.ar>
>> An: ccie_ka_at_gmx.de
>> CC: Scott Morris <smorris_at_ine.com>, ccielab_at_groupstudy.com
>> Betreff: Re: CoPP - Question
>
>> Small detail, and may be I'll be confusing, but the traffic is not
>> necessarily going TO your router, but your router is needed in its
>> processing. The punted traffic (the traffic that somehow gets process
>> switched) is also going to be CoPP policed.
>>
>> -Carlos
>>
>> ccie_ka_at_gmx.de @ 14/02/2010 11:01 -0300 dixit:
>>> Thanks for the explanation Scott...
>>> The traffic should be destined _to_ the router!
>>>
>>> While learning (and reading about CoPP) I have more questions...:-))
>>>
>>> First of all how can I classify routing protocols with access-list.
>>> I have the following list defined but I'm not sure if this is the right
>> solution ??
>>> Router1
>>> !OSPF
>>> ip access-list ospf
>>> deny ospf any host x.x.x.x
>>> deny ospf any host 224.0.0.5
>>> deny ospf any host 224.0.0.6
>>>
>>> !eigrp
>>> ip access-list eigrp
>>> deny eigrp any host x.x.x.x
>>> deny udp any host 224.0.0.10
>>>
>>> ip access-list bgp
>>> deny tcp any host x.x.x.x eq 179 <- this is the local router
>>> deny tcp any eq 179 19.19.y.y <- this is the bgp peer
>>> deny tcp any eq 179 19.19.y.y
>>>
>>>
>>> I'm not sure if I also need more commands for eigrp ?!
>>>
>>> Dennis
>>> -------- Original-Nachricht --------
>>>> Datum: Sun, 14 Feb 2010 08:31:23 -0500
>>>> Von: Scott Morris <smorris_at_ine.com>
>>>> An: ccie_ka_at_gmx.de
>>>> CC: ccielab_at_groupstudy.com
>>>> Betreff: Re: CoPP - Question
>>>> If it is flowing THROUGH your router, that would be data plane, not
>>>> control plane. (and BGP is the only multihop one you can do that with)
>>>>
>>>> But otherwise, what kind of detail are you looking for? The object is
>> to
>>>> control/limit how much stuff is thrown at your router that the router
>>>> itself has to actually process. Like most things, you'll start with
>>>> something like is on the web and tweak it from there based on your
>>>> particular needs. YMMV.
>>>>
>>>> Scott Morris, CCIEx4 (R&S/ISP-Dial/Security/Service Provider) #4713,
>>>>
>>>> JNCIE-M #153, JNCIS-ER, CISSP, et al.
>>>>
>>>> JNCI-M, JNCI-ER
>>>>
>>>> evil_at_ine.com
>>>>
>>>> Internetwork Expert, Inc.
>>>>
>>>> http://www.InternetworkExpert.com
>>>>
>>>> Toll Free: 877-224-8987
>>>>
>>>> Outside US: 775-826-4344
>>>>
>>>> Knowledge is power.
>>>>
>>>> Power corrupts.
>>>>
>>>> Study hard and be Eeeeviiiil......
>>>>
>>>> ccie_ka_at_gmx.de wrote:
>>>>
>>>> Hi Group,
>>>>
>>>> I'm currently working with CoPP.
>>>> I also read the the Cisco Documents about this stuff,
>>>>
>>>> Is there any good documentation in the web which explains this in
>> detail
>>>> ...let's say I must limit routing protocols like ospf, eigrp and bgp.
>>>> How can I restrict this protocols...from flowing through a specified
>>>> router..
>>>>
>>>> Dennis
>>>>
>>>>
>>>> Blogs and organic groups at http://www.ccie.net
>>>>
>>>> _______________________________________________________________________
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>> --
>> Carlos G Mendioroz <tron_at_huapi.ba.ar> LW7 EQI Argentina
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>

-- 
Carlos G Mendioroz  <tron_at_huapi.ba.ar>  LW7 EQI  Argentina
Blogs and organic groups at http://www.ccie.net