Re: CoPP question from Ivan Hrvatska on 2010-03-25 (Ccielab archives 03/2010)

From: Ivan Hrvatska <ivanzghr_at_gmail.com>
Date: Thu, 25 Mar 2010 18:34:23 +0100

Now, I don't get it what you don't get.. :)
Question was about defining all INPUT traffic that will hit CP of R2
(LDP, EIGRP, BGP, OSPF) with ACLs that will be later used in class
maps. So as I'm familiar with this topic CP takes care of routing
protocol packets, all mgmt packets destined to that R2 router, and
maybe something more.
I gave scenario, told what routing protocols are running between
routers in scenario, gave what I think that solution is.
The thing that bugs me is next: if traffic traverse through the R2,
specific BGP traffic between CE routers (let's say that CE routers are
running iBGP session). And that iBGP session is established between
loopbacks, and to establish that TCP session R2 has to check it's vrf
routing table for that loopbacks, cause CE routers are exchanging OSPF
routes via MPLS VPN. Does that action of checking vrf routing table on
R2 also impact R2's CP and should be defined in one of the ACLs which
will be used in class-map, and class-maps will be used in police-map
for some policing?

On Thu, Mar 25, 2010 at 3:34 PM, Marko Milivojevic <markom_at_ipexpert.com> wrote:
> On Thu, Mar 25, 2010 at 10:32, Ivan Hrvatska <ivanzghr_at_gmail.com> wrote:
>> OK. It isn't like that. Each protocol has it's own policing to be
>> defined, but that is not question. Question is defining traffic with
>> ACLs for given scenario.
>
> It's pretty hard to give answer to the question you don't know :-).
> I'd go with Eseosa's answer barring more details about the actual
> question.
>
> Also note, CoPP differentiates between routing protocol traffic and
> other kinds of traffic. You can apply your policies only to the subset
> not even touching routing protocols.
>
> --
> Marko Milivojevic - CCIE #18427
> Senior Technical Instructor - IPexpert
>
> YES! We include 400 hours of REAL rack
> time with our Blended Learning Solution!
>
> Mailto: markom_at_ipexpert.com
> Telephone: +1.810.326.1444
> Fax: +1.810.454.0130
> Web: http://www.ipexpert.com/

Blogs and organic groups at http://www.ccie.net
Received on Thu Mar 25 2010 - 18:34:23 ART

This archive was generated by hypermail 2.2.0 : Thu Apr 01 2010 - 07:26:36 ART