Re: CoPP question

From: eseosa <eseosa.ehiwe_at_gmail.com>
Date: Thu, 25 Mar 2010 11:29:29 +0100

If the task asks you to do control plane policing for all input
packets, the solution below should suffice:

class-map POLICE
 match any

policy-map COPP
 class POLICE
  police rate xxx

control-plane
 service-policy input COPP

On 3/25/10, Ivan Hrvatska <ivanzghr_at_gmail.com> wrote:
>               10.1.12.0/24
> R1 (PE) ----------eigrp------------ R2 (PE)
>   |                                   |
>   |                                   |
>  ospf                                ospf
>   |                                   |
>   |                                   |
>   CE                                  CE
>
>
> OK. Scenario is like this. MPLS core has EIGRP running. PE routers are
> running MPBGP, and running OSPF with CE routers.
> Task is that R2 has control-plane policing of all INPUT packets.
>
> R1:
> Lo0 - 1.1.1.1
> Lo1 - 11.11.11.11 (used for sham-link)
> Fa0/0 (to R2) - 10.1.12.1/24
>
> R2:
> Lo - 2.2.2.2
> Lo1 - 11.11.11.22 (used for sham link)
> Fa0/0 (to R1) - 10.1.12.2/24
>
> ACLs to define interesting traffic coming INTO R2's control-plane:
>
> !
> ip access-list extended BGP
> permit tcp host 10.1.12.1 host 10.1.12.2 eq bgp
> permit tcp host 1.1.1.1 host 2.2.2.2 eq bgp
> permit tcp host 10.1.12.1 eq bgp host 10.1.12.2
> permit tcp host 1.1.1.1 eq bgp host 2.2.2.2
> ip access-list extended EIGRP
> permit eigrp host 10.1.12.1 any
> permit eigrp any host 224.0.0.10
> ip access-list extended LDP
> permit udp host 1.1.1.1 any eq 646
> permit udp host 10.1.12.1 any eq 646
> permit tcp host 1.1.1.1 any eq 646
> permit tcp host 10.1.12.1 any eq 646
> ip access-list extended OSPF
> permit ospf any host 10.1.12.2
> permit ospf any host 224.0.0.5
> permit ospf any host 224.0.0.6
> !
>
> This is what is matched:
>
> Extended IP access list BGP
> 10 permit tcp host 10.1.12.1 host 10.1.12.2 eq bgp
> 20 permit tcp host 1.1.1.1 host 2.2.2.2 eq bgp (63 matches)
> 30 permit tcp host 10.1.12.1 eq bgp host 10.1.12.2
> 40 permit tcp host 1.1.1.1 eq bgp host 2.2.2.2
> Extended IP access list EIGRP
> 10 permit eigrp host 10.1.12.1 any (17727 matches)
> 20 permit eigrp any host 224.0.0.10 (437 matches)
> Extended IP access list LDP
> 5 permit udp host 1.1.1.1 any eq 646
> 10 permit udp host 10.1.12.1 any eq 646 (18757 matches)
> 15 permit tcp host 1.1.1.1 any eq 646 (117 matches)
> 20 permit tcp host 10.1.12.1 any eq 646
> Extended IP access list OSPF
> 30 permit ospf any host 10.1.12.2
> 35 permit ospf any host 224.0.0.5 (337 matches)
> 40 permit ospf any host 224.0.0.6
>
> So, my question: are the above statements enough? Is something too much,
> since not all statements are matched?
> On the Cisco site I read that routing protocols should have exceed action
> transmit? Is that the case? That means no policing should be done on
> such traffic?
> Let's say that the CE routers are also the customer's iBGP routers and iBGP
> sessions are established using reachability provided by the customer's
> OSPF, and connectivity for OSPF between the two customer's sites is
> provided by MPLS VPN. Does the iBGP traffic between CE routers also
> get to R2's control-plane for processing, or is it just traverse
> traffic? If R2 has to look into its routing table for that traffic, is
> it also coming to the CP of R2 or not?
>
> Thanks
>
> Regards
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

-- 
Warm Regards,
Eseosa
CCIE #23782
"The Christian is a person who makes it easy for others to believe in
God." - Robert M. McCheyne
Received on Thu Mar 25 2010 - 11:29:29 ART

This archive was generated by hypermail 2.2.0 : Thu Apr 01 2010 - 07:26:36 ART