Control Plane Policing Configuration

Control plane policing (CoPP) manages the traffic flow destined to the host router CPU for control plane processing. CoPP limits the traffic forwarded to the host CPU and avoids impact on system performance.

  • CoPP organizes the handling of control packets by providing per-protocol hardware CPU queues, so control packets are queued in different CPU queues based on protocol.
  • Per-protocol CPU queue rate limits and buffer allocations are programmed during router initialization, so every CPU queue is rate-limited to a default stable and balanced behavior across protocols.
  • When control packets are received at a higher rate than the programmed rate, the excess traffic is dropped at the queue level in the packet processor hardware itself.
  • All CPU queues are pre-programmed with default rate limits and buffer allocations to ensure a default stable and balanced behavior across protocols.
  • Rate limits are in terms of Kbps. Hardware does not support packets per second (PPS).
  • Qumran (MX, AX, and UX) supports per-queue rate shaping configurations within a range of 469 Kbps to 483 Gbps. The granularity is 469 Kbps for the low range and 1.56% for the higher range.
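
The per-queue behavior described above can be checked with a small model. This is an added example, not vendor code: a simplified fluid simulation (1 ms steps, tail drop) that uses the ARP, BGP and ICMP default rates and queue lengths from the per-protocol table on this page. The offered loads are constructed, and 1 Kbps = 1000 bit/s and 1 kbyte = 1024 bytes are assumptions.

```python
# Simplified fluid model of CoPP CPU queues (added example, not vendor code).
# Assumptions: 1 Kbps = 1000 bit/s, 1 kbyte = 1024 bytes, 1 ms time steps,
# tail drop when the queue buffer is full.

# (default rate in kbps, default queue length in kbytes) from Table 52
TABLE_52 = {"ARP": (1000, 1024), "BGP": (8000, 1024), "ICMP": (1000, 1024)}


def simulate(offered_kbps, seconds, queues=TABLE_52):
    """Return per-queue delivered rate, drop share and time to first drop."""
    report = {}
    for name, load in offered_kbps.items():
        rate_kbps, buf_kbytes = queues[name]
        arrive = load / 8          # bytes arriving per ms (kbps / 8)
        drain = rate_kbps / 8      # bytes per ms the rate limit lets through
        limit = buf_kbytes * 1024  # queue buffer in bytes
        backlog = delivered = dropped = 0.0
        first_drop_ms = None
        for ms in range(int(seconds * 1000)):
            accepted = min(arrive, limit - backlog)
            if accepted < arrive and first_drop_ms is None:
                first_drop_ms = ms  # buffer absorbed the burst until now
            dropped += arrive - accepted
            backlog += accepted
            sent = min(backlog, drain)
            backlog -= sent
            delivered += sent
        total = arrive * seconds * 1000
        report[name] = {
            "delivered_kbps": delivered * 8 / (seconds * 1000),
            "drop_pct": round(100 * dropped / total, 2) if total else 0.0,
            "first_drop_ms": first_drop_ms,
        }
    return report


def cpu_pps(rate_kbps, frame_bytes):
    """Packets per second that a Kbps limit admits at a given frame size."""
    return rate_kbps * 1000 / (8 * frame_bytes)


if __name__ == "__main__":
    # Constructed load: heavy ARP traffic alongside normal BGP traffic.
    for queue, result in simulate({"ARP": 50000, "BGP": 2000}, seconds=10).items():
        print(queue, result)
    # Limits are in Kbps, so the packet rate reaching the CPU depends on size.
    print("ICMP limit, 64-byte frames:", cpu_pps(1000, 64), "pps")
    print("ICMP limit, 1500-byte frames:", round(cpu_pps(1000, 1500), 1), "pps")
```

In this model the ARP queue delivers exactly its 1000 Kbps limit and drops the rest after the buffer fills, while the BGP queue is unaffected because the excess is dropped in its own queue.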

Topology

A network traffic simulator device connects to a router (R1) to generate and send various types of network traffic. The router, which has CoPP configured, manages and limits traffic destined for its CPU using multiple CPU queues with specific properties for different control traffic types. Another traffic simulator device connects to the router to generate or receive traffic, testing the router's CPU queues and CoPP configurations to handle different traffic loads and types.

Topology 1. Simple configuration of CPU Queuing

The CPU queue rates are listed for each protocol queue.

Table 51. Default CPU queues

| Default queues | Default rate in kbps | Maximum configurable rate in kbps | Default queue length in kbytes |
|---|---|---|---|
| CPU0.q0 | 900 | 20000 | 1024 |
| CPU0.q1 | 900 | 20000 | 1024 |
| CPU0.q2 | 900 | 20000 | 1024 |
| CPU0.q3 | 900 | 20000 | 1024 |
| CPU0.q4 | 900 | 20000 | 1024 |
| CPU0.q5 | 900 | 20000 | 1024 |
| CPU0.q6 | 10000 | 20000 | 1024 |
| CPU0.q7 | 900 | 20000 | 1024 |

Description (default CPU queues):

Unclassified protocols and unknown or destination lookup failure packets are redirected to default CPU queues 0-7 based on the packet's cos/dscp values.

SSH, TELNET, and SNMP traffic destined to host router CPU is remarked to CPU0.q6.

  • SSH: TCP Source/Destination port 22
  • TELNET: TCP Source/Destination port 23
  • SNMP: UDP Source/Destination port 161/162

Table 52. Per protocol CPU queues

| Protocol queues | Default rate in kbps | Maximum configurable rate in kbps | Default queue length in kbytes | Description |
|---|---|---|---|---|
| IGMP | 1000 | 1000 | 2048 | Internet Group Management Protocol packets (IP protocol 2) |
| ISIS/ESIS | 8000 | 8000 | 1024 | ISIS (DMAC 0180:C200:0014/0015); ESIS (DMAC 0900:2B00:0004/0005); ESIS = End System-to-Intermediate System (ISIS point-to-point case) |
| Reserved Mcast | 8000 | 8000 | 2048 | Reserved IPv4 and IPv6 Multicast packets; IPv4: Local Network Control Block (224.0.0.0 - 224.0.0.255 (224.0.0/24)); IPv6: Link-Local Scope Multicast Addresses (FF02::/8) |
| IPv6 Link Local | 1000 | 20000 | 1024 | IPv6 link local packets; DIPv6: FE80::/8 |
| OSPF | 8000 | 8000 | 1024 | OSPF unicast packets (IP protocol 89) |
| BGP | 8000 | 8000 | 1024 | BGP packets; TCP source/destination port number: 179 |
| RSVP/LDP | 1500 | 1500 | 1024 | RSVP and LDP packets; RSVP: IP protocol 46; LDP: L4 source/destination port number: 646 |
| VRRP/RIP/DHCP | 2000 | 2000 | 1024 | VRRP packets: IP protocol number 112; RIP packets: UDP source and destination port number: 520; RIPNG packets: UDP source and destination port number: 521; DHCP: DHCP v4/v6 server packets, DHCP v4/v6 client packets (L4 source/destination port number: 67 or 68) |
| PIM | 8000 | 8000 | 1024 | Protocol Independent Multicast packets: IP protocol number 103 |
| ICMP | 1000 | 1000 | 1024 | ICMP packets: IP protocol number 1; Unicast ICMPv6 packets: IP next header number 58 |
| ARP | 1000 | 1000 | 1024 | ARP packets. Ether-type 0x0806 |
| BPDU | 8000 | 8000 | 1024 | xSTP: DMAC 0180:C200:0000; Provider Bridging: 0180:C200:0008; LACP: DMAC 0180:C200:0002, ethertype:0x8809, subtype:1/2; AUTHD: DMAC 0180:C200:0003; LLDP: DMAC 0180:C200:000E; EFM: DMAC 0180:C200:0002, ethertype:0x8809, subtype:3; ELMI: DMAC 0180:C200:0007; SYNCE: DMAC 0180:C200:0002, ethertype:0x8809, subtype:0x0A; RPVST: DMAC 0100:0CCC:CCCD; L2TP: DMAC 0100:C2CD:CDD0/0104:DFCD:CDD0; G8032: DMAC 0119:A700:00XX |
| OAMP | 1000 | 1000 | 1024 | OAMP packets |
| sFlow | 16384 | 16384 | 1024 | Ingress and Egress sampled packets. |
| DSP | 1500 | 1500 | 76800 | L2 FDB events |
| EVPN | 468 | 468 | 1024 | ARP and ND cache queue for packets coming on VXLAN access ports. |
| nhop | 500 | 500 | 1024 | Inter VRF route leak unresolved data packets for ARP resolution. |
| mgmt-route-leak | 8000 | 8000 | 1024 | |
| ICMP-redirect | 400 | 400 | 256 | Data packets to CPU for ICMP redirect packet generation. |
| Guest | 8000 | 8000 | 1024 | |
| CFM | 1000 | 1000 | 1024 | |
| BFD | 4000 | 4000 | 1024 | BFD Single hop packets: UDP port 3784, TTL 255; BFD Multi hop packets: UDP port 4784; Micro BFD packets: UDP port 6784, TTL 255 |
| PTP | 4000 | 4000 | 1024 | |