Re: CoPP question

From: Ivan Hrvatska <ivanzghr_at_gmail.com>
Date: Fri, 26 Mar 2010 09:35:03 +0100

Well, it wouldn't, because the iBGP session is established between CE routers with
RID 1.1.7.7 and 1.1.6.6.
I added at the end of the BGP ACL:

50 permit tcp host 1.1.7.7 host 1.1.6.6 eq bgp
60 permit tcp host 1.1.7.7 eq bgp host 1.1.6.6
100 permit tcp any any eq bgp
110 permit tcp any eq bgp any

just to see if something will be matched, but no. Nothing.

Regards

On Fri, Mar 26, 2010 at 2:02 AM, Mark Matters <markccie_at_gmail.com> wrote:
> But wouldn't that traffic already be defined with the ACLs you have in your
> first post?
>
> On Thu, Mar 25, 2010 at 8:54 PM, Mark Matters <markccie_at_gmail.com> wrote:
>>
>> I was reading about this the other day. I would say yes because all the
>> routing is handled by the control plane.
>> On Thu, Mar 25, 2010 at 1:34 PM, Ivan Hrvatska <ivanzghr_at_gmail.com> wrote:
>>>
>>> Now, I don't get what you don't get.. :)
>>> Question was about defining all INPUT traffic that will hit CP of R2
>>> (LDP, EIGRP, BGP, OSPF) with ACLs that will be later used in class
>>> maps. So as I'm familiar with this topic CP takes care of routing
>>> protocol packets, all mgmt packets destined to that R2 router, and
>>> maybe something more.
>>> I gave scenario, told what routing protocols are running between
>>> routers in scenario, gave what I think that solution is.
>>> The thing that bugs me is next: if traffic traverses through the R2,
>>> specific BGP traffic between CE routers (let's say that CE routers are
>>> running an iBGP session). And that iBGP session is established between
>>> loopbacks, and to establish that TCP session R2 has to check its VRF
>>> routing table for those loopbacks, because CE routers are exchanging OSPF
>>> routes via MPLS VPN. Does that action of checking the VRF routing table on
>>> R2 also impact R2's CP and should be defined in one of the ACLs which
>>> will be used in class-map, and class-maps will be used in police-map
>>> for some policing?
>>>
>>> On Thu, Mar 25, 2010 at 3:34 PM, Marko Milivojevic <markom_at_ipexpert.com>
>>> wrote:
>>> > On Thu, Mar 25, 2010 at 10:32, Ivan Hrvatska <ivanzghr_at_gmail.com>
>>> > wrote:
>>> >> OK. It isn't like that. Each protocol has its own policing to be
>>> >> defined, but that is not the question. The question is defining traffic with
>>> >> ACLs for the given scenario.
>>> >
>>> > It's pretty hard to give an answer to the question you don't know :-).
>>> > I'd go with Eseosa's answer barring more details about the actual
>>> > question.
>>> >
>>> > Also note, CoPP differentiates between routing protocol traffic and
>>> > other kinds of traffic. You can apply your policies only to the subset
>>> > not even touching routing protocols.
>>> >
>>> > --
>>> > Marko Milivojevic - CCIE #18427
>>> > Senior Technical Instructor - IPexpert
>>> >
>>> > Mailto: markom_at_ipexpert.com
>>> > Telephone: +1.810.326.1444
>>> > Fax: +1.810.454.0130
>>> > Web: http://www.ipexpert.com/
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html

Received on Fri Mar 26 2010 - 09:35:03 ART
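
The classification chain discussed in this thread (ACLs per protocol, referenced by class-maps, policed in a policy-map attached to the control plane), as an added configuration sketch that is not taken from any poster's router. The ACL, class-map and policy-map names and the police rates are assumptions; the protocol list (LDP, EIGRP, BGP, OSPF) comes from the thread.

```cisco
! Constructed example: names (COPP-*) and police rates are assumptions.
ip access-list extended COPP-BGP
 permit tcp any any eq bgp
 permit tcp any eq bgp any
ip access-list extended COPP-LDP
 ! LDP discovery (UDP 646) and LDP session (TCP 646)
 permit udp any any eq 646
 permit tcp any any eq 646
 permit tcp any eq 646 any
ip access-list extended COPP-IGP
 permit eigrp any any
 permit ospf any any
!
class-map match-all COPP-BGP
 match access-group name COPP-BGP
class-map match-all COPP-LDP
 match access-group name COPP-LDP
class-map match-all COPP-IGP
 match access-group name COPP-IGP
!
policy-map COPP-IN
 class COPP-BGP
  police 128000 conform-action transmit exceed-action drop
 class COPP-LDP
  police 128000 conform-action transmit exceed-action drop
 class COPP-IGP
  police 128000 conform-action transmit exceed-action drop
 class class-default
  ! transmit on exceed: measure unclassified punted traffic before dropping it
  police 64000 conform-action transmit exceed-action transmit
!
control-plane
 service-policy input COPP-IN
!
! Verification (exec mode):
!  show policy-map control-plane
!  show ip access-lists COPP-BGP
```

The per-class counters in `show policy-map control-plane` count only packets punted to the router's own control plane. Packets forwarded through the router in the data plane are not seen by this policy, which is consistent with the zero matches reported above for the 1.1.7.7 and 1.1.6.6 entries.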
